@datafire/google_alertcenter
v3.0.0
Published
DataFire integration for G Suite Alert Center API
Downloads
8
Readme
@datafire/google_alertcenter
Client library for G Suite Alert Center API
Installation and Usage
npm install --save @datafire/google_alertcenter
let google_alertcenter = require('@datafire/google_alertcenter').create({
access_token: "",
refresh_token: "",
client_id: "",
client_secret: "",
redirect_uri: ""
});
.then(data => {
console.log(data);
});
Description
Manages alerts on issues affecting your domain.
Actions
oauthCallback
Exchange the code passed to your redirect URI for an access_token
google_alertcenter.oauthCallback({
"code": ""
}, context)
Input
- input
object
- code required
string
- code required
Output
- output
object
- access_token
string
- refresh_token
string
- token_type
string
- scope
string
- expiration
string
- access_token
oauthRefresh
Exchange a refresh_token for an access_token
google_alertcenter.oauthRefresh(null, context)
Input
This action has no parameters
Output
- output
object
- access_token
string
- refresh_token
string
- token_type
string
- scope
string
- expiration
string
- access_token
alertcenter.alerts.list
Lists the alerts.
google_alertcenter.alertcenter.alerts.list({}, context)
Input
- input
object
- customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alerts are associated with. Inferred from the caller identity if not provided. - filter
string
: Optional. A query string for filtering alert results. For more details, see Query filters and Supported query filter fields. - orderBy
string
: Optional. The sort order of the list results. If not specified results may be returned in arbitrary order. You can sort the results in descending order based on the creation timestamp usingorder_by="create_time desc"
. Currently, supported sorting arecreate_time asc
,create_time desc
,update_time desc
- pageSize
integer
: Optional. The requested page size. Server may return fewer items than requested. If unspecified, server picks an appropriate default. - pageToken
string
: Optional. A token identifying a page of results the server should return. If empty, a new iteration is started. To continue an iteration, pass in the value from the previous ListAlertsResponse's next_page_token field. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- customerId
Output
- output ListAlertsResponse
alertcenter.alerts.delete
Marks the specified alert for deletion. An alert that has been marked for deletion is removed from Alert Center after 30 days. Marking an alert for deletion has no effect on an alert which has already been marked for deletion. Attempting to mark a nonexistent alert for deletion results in a NOT_FOUND
error.
google_alertcenter.alertcenter.alerts.delete({
"alertId": ""
}, context)
Input
- input
object
- alertId required
string
: Required. The identifier of the alert to delete. - customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alert is associated with. Inferred from the caller identity if not provided. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- alertId required
Output
- output Empty
alertcenter.alerts.get
Gets the specified alert. Attempting to get a nonexistent alert returns NOT_FOUND
error.
google_alertcenter.alertcenter.alerts.get({
"alertId": ""
}, context)
Input
- input
object
- alertId required
string
: Required. The identifier of the alert to retrieve. - customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alert is associated with. Inferred from the caller identity if not provided. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- alertId required
Output
- output Alert
alertcenter.alerts.feedback.list
Lists all the feedback for an alert. Attempting to list feedbacks for a non-existent alert returns NOT_FOUND
error.
google_alertcenter.alertcenter.alerts.feedback.list({
"alertId": ""
}, context)
Input
- input
object
- alertId required
string
: Required. The alert identifier. The "-" wildcard could be used to represent all alerts. - customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alert feedback are associated with. Inferred from the caller identity if not provided. - filter
string
: Optional. A query string for filtering alert feedback results. For more details, see Query filters and Supported query filter fields. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- alertId required
Output
- output ListAlertFeedbackResponse
alertcenter.alerts.feedback.create
Creates new feedback for an alert. Attempting to create a feedback for a non-existent alert returns NOT_FOUND
error. Attempting to create a feedback for an alert that is marked for deletion returns `FAILED_PRECONDITION' error.
google_alertcenter.alertcenter.alerts.feedback.create({
"alertId": ""
}, context)
Input
- input
object
- alertId required
string
: Required. The identifier of the alert this feedback belongs to. - customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alert is associated with. Inferred from the caller identity if not provided. - body AlertFeedback
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- alertId required
Output
- output AlertFeedback
alertcenter.alerts.getMetadata
Returns the metadata of an alert. Attempting to get metadata for a non-existent alert returns NOT_FOUND
error.
google_alertcenter.alertcenter.alerts.getMetadata({
"alertId": ""
}, context)
Input
- input
object
- alertId required
string
: Required. The identifier of the alert this metadata belongs to. - customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alert metadata is associated with. Inferred from the caller identity if not provided. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- alertId required
Output
- output AlertMetadata
alertcenter.alerts.undelete
Restores, or "undeletes", an alert that was marked for deletion within the past 30 days. Attempting to undelete an alert which was marked for deletion over 30 days ago (which has been removed from the Alert Center database) or a nonexistent alert returns a NOT_FOUND
error. Attempting to undelete an alert which has not been marked for deletion has no effect.
google_alertcenter.alertcenter.alerts.undelete({
"alertId": ""
}, context)
Input
- input
object
- alertId required
string
: Required. The identifier of the alert to undelete. - body UndeleteAlertRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- alertId required
Output
- output Alert
alertcenter.alerts.batchDelete
Performs batch delete operation on alerts.
google_alertcenter.alertcenter.alerts.batchDelete({}, context)
Input
- input
object
- body BatchDeleteAlertsRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
Output
- output BatchDeleteAlertsResponse
alertcenter.alerts.batchUndelete
Performs batch undelete operation on alerts.
google_alertcenter.alertcenter.alerts.batchUndelete({}, context)
Input
- input
object
- body BatchUndeleteAlertsRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
Output
- output BatchUndeleteAlertsResponse
alertcenter.getSettings
Returns customer-level settings.
google_alertcenter.alertcenter.getSettings({}, context)
Input
- input
object
- customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alert settings are associated with. Inferred from the caller identity if not provided. - $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- customerId
Output
- output Settings
alertcenter.updateSettings
Updates the customer-level settings.
google_alertcenter.alertcenter.updateSettings({}, context)
Input
- input
object
- customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alert settings are associated with. Inferred from the caller identity if not provided. - body Settings
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- customerId
Output
- output Settings
Definitions
AccountWarning
- AccountWarning
object
: Alerts for user account warning events.- email
string
: Required. The email of the user that this event belongs to. - loginDetails LoginDetails
- email
ActivityRule
- ActivityRule
object
: Alerts from G Suite Security Center rules service configured by admin.- actionNames
array
: List of action names associated with the rule threshold.- items
string
- items
- createTime
string
: Rule create timestamp. - description
string
: Description of the rule. - displayName
string
: Alert display name. - name
string
: Rule name. - query
string
: Query that is used to get the data from the associated source. - supersededAlerts
array
: List of alert IDs superseded by this alert. It is used to indicate that this alert is essentially extension of superseded alerts and we found the relationship after creating these alerts.- items
string
- items
- supersedingAlert
string
: Alert ID superseding this alert. It is used to indicate that superseding alert is essentially extension of this alert and we found the relationship after creating both alerts. - threshold
string
: Alert threshold is for example “COUNT > 5”. - triggerSource
string
: The trigger sources for this rule. * GMAIL_EVENTS * DEVICE_EVENTS * USER_EVENTS - updateTime
string
: The timestamp of the last update to the rule. - windowSize
string
: Rule window size. Possible values are 1 hour or 24 hours.
- actionNames
Alert
- Alert
object
: An alert affecting a customer.- alertId
string
: Output only. The unique identifier for the alert. - createTime
string
: Output only. The time this alert was created. - customerId
string
: Output only. The unique identifier of the Google account of the customer. - data
object
: Optional. The data associated with this alert, for example google.apps.alertcenter.type.DeviceCompromised. - deleted
boolean
: Output only.True
if this alert is marked for deletion. - endTime
string
: Optional. The time the event that caused this alert ceased being active. If provided, the end time must not be earlier than the start time. If not provided, it indicates an ongoing alert. - etag
string
: Optional.etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of an alert from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform alert updates in order to avoid race conditions: Anetag
is returned in the response which contains alerts, and systems are expected to put that etag in the request to update alert to ensure that their change will be applied to the same version of the alert. If noetag
is provided in the call to update alert, then the existing alert is overwritten blindly. - metadata AlertMetadata
- securityInvestigationToolLink
string
: Output only. An optional Security Investigation Tool query for this alert. - source
string
: Required. A unique identifier for the system that reported the alert. This is output only after alert is created. Supported sources are any of the following: * Google Operations * Mobile device management * Gmail phishing * Domain wide takeout * State sponsored attack * Google identity - startTime
string
: Required. The time the event that caused this alert was started or detected. - type
string
: Required. The type of the alert. This is output only after alert is created. For a list of available alert types see G Suite Alert types. - updateTime
string
: Output only. The time this alert was last updated.
- alertId
AlertFeedback
- AlertFeedback
object
: A customer feedback about an alert.- alertId
string
: Output only. The alert identifier. - createTime
string
: Output only. The time this feedback was created. - customerId
string
: Output only. The unique identifier of the Google account of the customer. - email
string
: Output only. The email of the user that provided the feedback. - feedbackId
string
: Output only. The unique identifier for the feedback. - type
string
(values: ALERT_FEEDBACK_TYPE_UNSPECIFIED, NOT_USEFUL, SOMEWHAT_USEFUL, VERY_USEFUL): Required. The type of the feedback.
- alertId
AlertMetadata
- AlertMetadata
object
: An alert metadata.- alertId
string
: Output only. The alert identifier. - assignee
string
: The email address of the user assigned to the alert. - customerId
string
: Output only. The unique identifier of the Google account of the customer. - etag
string
: Optional.etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of an alert metadata from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform metatdata updates in order to avoid race conditions: Anetag
is returned in the response which contains alert metadata, and systems are expected to put that etag in the request to update alert metadata to ensure that their change will be applied to the same version of the alert metadata. If noetag
is provided in the call to update alert metadata, then the existing alert metadata is overwritten blindly. - severity
string
: The severity value of the alert. Alert Center will set this field at alert creation time, default's to an empty string when it could not be determined. The supported values for update actions on this field are the following: * HIGH * MEDIUM * LOW - status
string
: The current status of the alert. The supported values are the following: * NOT_STARTED * IN_PROGRESS * CLOSED - updateTime
string
: Output only. The time this metadata was last updated.
- alertId
AppMakerSqlSetupNotification
- AppMakerSqlSetupNotification
object
: Alerts from App Maker to notify admins to set up default SQL instance.- requestInfo
array
: List of applications with requests for default SQL set up.- items RequestInfo
- requestInfo
Attachment
- Attachment
object
: Attachment with application-specific information about an alert.- csv Csv
BadWhitelist
- BadWhitelist
object
: Alert for setting the domain or IP that malicious email comes from as whitelisted domain or IP in Gmail advanced settings.- domainId DomainId
- maliciousEntity MaliciousEntity
- messages
array
: The list of messages contained by this alert.- items GmailMessageInfo
- sourceIp
string
: The source IP address of the malicious email, for example,127.0.0.1
.
BatchDeleteAlertsRequest
- BatchDeleteAlertsRequest
object
: A request to perform batch delete on alerts.- alertId
array
: Required. list of alert IDs.- items
string
- items
- customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alerts are associated with.
- alertId
BatchDeleteAlertsResponse
- BatchDeleteAlertsResponse
object
: Response to batch delete operation on alerts.- failedAlertStatus
object
: The status details for each failed alert_id. - successAlertIds
array
: The successful list of alert IDs.- items
string
- items
- failedAlertStatus
BatchUndeleteAlertsRequest
- BatchUndeleteAlertsRequest
object
: A request to perform batch undelete on alerts.- alertId
array
: Required. list of alert IDs.- items
string
- items
- customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alerts are associated with.
- alertId
BatchUndeleteAlertsResponse
- BatchUndeleteAlertsResponse
object
: Response to batch undelete operation on alerts.- failedAlertStatus
object
: The status details for each failed alert_id. - successAlertIds
array
: The successful list of alert IDs.- items
string
- items
- failedAlertStatus
CloudPubsubTopic
- CloudPubsubTopic
object
: A reference to a Cloud Pubsub topic. To register for notifications, the owner of the topic must grant[email protected]
theprojects.topics.publish
permission.- payloadFormat
string
(values: PAYLOAD_FORMAT_UNSPECIFIED, JSON): Optional. The format of the payload that would be sent. If not specified the format will be JSON. - topicName
string
: Thename
field of a Cloud Pubsub [Topic] (https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics#Topic).
- payloadFormat
Csv
- Csv
object
: A representation of a CSV file attachment, as a list of column headers and a list of data rows.- dataRows
array
: The list of data rows in a CSV file, as string arrays rather than as a single comma-separated string.- items CsvRow
- headers
array
: The list of headers for data columns in a CSV file.- items
string
- items
- dataRows
CsvRow
- CsvRow
object
: A representation of a single data row in a CSV file.- entries
array
: The data entries in a CSV file row, as a string array rather than a single comma-separated string.- items
string
- items
- entries
DeviceCompromised
- DeviceCompromised
object
: A mobile device compromised alert. Derived from audit logs.- email
string
: The email of the user this alert was created for. - events
array
: Required. The list of security events.
- email
DeviceCompromisedSecurityDetail
- DeviceCompromisedSecurityDetail
object
: Detailed information of a single MDM device compromised event.- deviceCompromisedState
string
: The device compromised state. Possible values are "Compromised
" or "Not Compromised
". - deviceId
string
: Required. The device ID. - deviceModel
string
: The model of the device. - deviceType
string
: The type of the device. - iosVendorId
string
: Required for iOS, empty for others. - resourceId
string
: The device resource ID. - serialNumber
string
: The serial number of the device.
- deviceCompromisedState
DlpRuleViolation
- DlpRuleViolation
object
: Alerts that get triggered on violations of Data Loss Prevention (DLP) rules.- ruleViolationInfo RuleViolationInfo
DomainId
- DomainId
object
: Domain ID of Gmail phishing alerts.- customerPrimaryDomain
string
: The primary domain for the customer.
- customerPrimaryDomain
DomainWideTakeoutInitiated
- DomainWideTakeoutInitiated
object
: A takeout operation for the entire domain was initiated by an admin. Derived from audit logs.- email
string
: The email of the admin who initiated the takeout. - takeoutRequestId
string
: The takeout request ID.
- email
Empty
- Empty
object
: A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation forEmpty
is empty JSON object{}
.
GmailMessageInfo
- GmailMessageInfo
object
: Details of a message in phishing spike alert.- attachmentsSha256Hash
array
: TheSHA256
hash of email's attachment and all MIME parts.- items
string
- items
- date
string
: The date the malicious email was sent. - md5HashMessageBody
string
: The hash of the message body text. - md5HashSubject
string
: The MD5 Hash of email's subject (only available for reported emails). - messageBodySnippet
string
: The snippet of the message body text (only available for reported emails). - messageId
string
: The message ID. - recipient
string
: The recipient of this email. - subjectText
string
: The email subject text (only available for reported emails).
- attachmentsSha256Hash
GoogleOperations
- GoogleOperations
object
: An incident reported by Google Operations for a G Suite application.- affectedUserEmails
array
: The list of emails which correspond to the users directly affected by the incident.- items
string
- items
- attachmentData Attachment
- description
string
: A detailed, freeform incident description. - title
string
: A one-line incident description.
- affectedUserEmails
ListAlertFeedbackResponse
- ListAlertFeedbackResponse
object
: Response message for an alert feedback listing request.- feedback
array
: The list of alert feedback. Feedback entries for each alert are ordered by creation time descending.- items AlertFeedback
- feedback
ListAlertsResponse
- ListAlertsResponse
object
: Response message for an alert listing request.- alerts
array
: The list of alerts.- items Alert
- nextPageToken
string
: The token for the next page. If not empty, indicates that there may be more alerts that match the listing request; this value can be used in a subsequent ListAlertsRequest to get alerts continuing from last result of the current list call.
- alerts
LoginDetails
- LoginDetails
object
: The details of the login action.- ipAddress
string
: Optional. The human-readable IP address (for example,11.22.33.44
) that is associated with the warning event. - loginTime
string
: Optional. The successful login time that is associated with the warning event. This isn't present for blocked login attempts.
- ipAddress
MailPhishing
- MailPhishing
object
: Proto for all phishing alerts with common payload. Supported types are any of the following: * User reported phishing * User reported spam spike * Suspicious message reported * Phishing reclassification * Malware reclassification * Gmail potential employee spoofing- domainId DomainId
- isInternal
boolean
: Iftrue
, the email originated from within the organization. - maliciousEntity MaliciousEntity
- messages
array
: The list of messages contained by this alert.- items GmailMessageInfo
- systemActionType
string
(values: SYSTEM_ACTION_TYPE_UNSPECIFIED, NO_OPERATION, REMOVED_FROM_INBOX): System actions on the messages.
MaliciousEntity
- MaliciousEntity
object
: Entity whose actions triggered a Gmail phishing alert.- displayName
string
: The header from display name. - entity User
- fromHeader
string
: The sender email address.
- displayName
MatchInfo
- MatchInfo
object
: Proto that contains match information from the condition part of the rule.- predefinedDetector PredefinedDetectorInfo
- userDefinedDetector UserDefinedDetectorInfo
Notification
- Notification
object
: Settings for callback notifications. For more details see G Suite Alert Notification.- cloudPubsubTopic CloudPubsubTopic
PhishingSpike
- PhishingSpike
object
: Alert for a spike in user reported phishing. Warning: This type has been deprecated. Use MailPhishing instead.- domainId DomainId
- isInternal
boolean
: Iftrue
, the email originated from within the organization. - maliciousEntity MaliciousEntity
- messages
array
: The list of messages contained by this alert.- items GmailMessageInfo
PredefinedDetectorInfo
- PredefinedDetectorInfo
object
: Detector provided by Google.- detectorName
string
: Name that uniquely identifies the detector.
- detectorName
RequestInfo
- RequestInfo
object
: Requests for one application that needs default SQL setup.- appDeveloperEmail
array
: List of app developers who triggered notifications for above application.- items
string
- items
- appKey
string
: Required. The application that requires the SQL setup. - numberOfRequests
string
: Required. Number of requests sent for this application to set up default SQL instance.
- appDeveloperEmail
ResourceInfo
- ResourceInfo
object
: Proto that contains resource information.- documentId
string
: Drive file ID. - resourceTitle
string
: Title of the resource, for example email subject, or document title.
- documentId
RuleInfo
- RuleInfo
object
: Proto that contains rule information.- displayName
string
: User provided name of the rule. - resourceName
string
: Resource name that uniquely identifies the rule.
- displayName
RuleViolationInfo
- RuleViolationInfo
object
: Common alert information about violated rules that are configured by G Suite administrators.- dataSource
string
(values: DATA_SOURCE_UNSPECIFIED, DRIVE): Source of the data. - matchInfo
array
: List of matches that were found in the resource content.- items MatchInfo
- recipients
array
: Resource recipients. For Drive, they are grantees that the Drive file was shared with at the time of rule triggering. Valid values include user emails, group emails, domains, or 'anyone' if the file was publicly accessible. If the file was private the recipients list will be empty. For Gmail, they are emails of the users or groups that the Gmail message was sent to.- items
string
- items
- resourceInfo ResourceInfo
- ruleInfo RuleInfo
- suppressedActionTypes
array
: Actions suppressed due to other actions with higher priority.- items
string
(values: ACTION_TYPE_UNSPECIFIED, DRIVE_BLOCK_EXTERNAL_SHARING, DRIVE_WARN_ON_EXTERNAL_SHARING, ALERT, RULE_ACTIVATE, RULE_DEACTIVATE)
- items
- trigger
string
(values: TRIGGER_UNSPECIFIED, DRIVE_SHARE): Trigger of the rule. - triggeredActionTypes
array
: Actions applied as a consequence of the rule being triggered.- items
string
(values: ACTION_TYPE_UNSPECIFIED, DRIVE_BLOCK_EXTERNAL_SHARING, DRIVE_WARN_ON_EXTERNAL_SHARING, ALERT, RULE_ACTIVATE, RULE_DEACTIVATE)
- items
- triggeringUserEmail
string
: Email of the user who caused the violation. Value could be empty if not applicable, for example, a violation found by drive continuous scan.
- dataSource
Settings
- Settings
object
: Customer-level settings.- notifications
array
: The list of notifications.- items Notification
- notifications
StateSponsoredAttack
- StateSponsoredAttack
object
: A state-sponsored attack alert. Derived from audit logs.- email
string
: The email of the user this incident was created for.
- email
Status
- Status
object
: TheStatus
type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. EachStatus
message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.- code
integer
: The status code, which should be an enum value of google.rpc.Code. - details
array
: A list of messages that carry the error details. There is a common set of message types for APIs to use.- items
object
- items
- message
string
: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
- code
SuspiciousActivity
- SuspiciousActivity
object
: A mobile suspicious activity alert. Derived from audit logs.- email
string
: The email of the user this alert was created for. - events
array
: Required. The list of security events.
- email
SuspiciousActivitySecurityDetail
- SuspiciousActivitySecurityDetail
object
: Detailed information of a single MDM suspicious activity event.- deviceId
string
: Required. The device ID. - deviceModel
string
: The model of the device. - deviceProperty
string
: The device property which was changed. - deviceType
string
: The type of the device. - iosVendorId
string
: Required for iOS, empty for others. - newValue
string
: The new value of the device property after the change. - oldValue
string
: The old value of the device property before the change. - resourceId
string
: The device resource ID. - serialNumber
string
: The serial number of the device.
- deviceId
UndeleteAlertRequest
- UndeleteAlertRequest
object
: A request to undelete a specific alert that was marked for deletion.- customerId
string
: Optional. The unique identifier of the G Suite organization account of the customer the alert is associated with. Inferred from the caller identity if not provided.
- customerId
User
- User
object
: A user.- displayName
string
: Display name of the user. - emailAddress
string
: Email address of the user.
- displayName
UserDefinedDetectorInfo
- UserDefinedDetectorInfo
object
: Detector defined by administrators.- displayName
string
: Display name of the detector. - resourceName
string
: Resource name that uniquely identifies the detector.
- displayName