Resource: SecurityProfile
SecurityProfile is a resource that defines the behavior for one of many ProfileTypes. Next ID: 9
JSON representation |
---|
{ "name": string, "description": string, "createTime": string, "updateTime": string, "etag": string, "labels": { string: string, ... }, "type": enum ( |
Fields | |
---|---|
name | Immutable. Identifier. Name of the SecurityProfile resource. It matches pattern |
description | Optional. An optional description of the profile. Max length 512 characters. |
createTime | Output only. Resource creation timestamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime | Output only. Last resource update timestamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
etag | Output only. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. |
labels | Optional. Labels as key value pairs. An object containing a list of |
type | Immutable. The single ProfileType that the SecurityProfile resource configures. |
Union field profile. The behavior for the ProfileType that the SecurityProfile resource is meant to configure. This field must correspond to the ProfileType of the SecurityProfile. profile can be only one of the following: | |
threatPreventionProfile | The threat prevention configuration for the SecurityProfile. |
ThreatPreventionProfile
ThreatPreventionProfile defines an action for specific threat signatures or severity levels.
JSON representation |
---|
{ "severityOverrides": [ { object ( |
Fields | |
---|---|
severityOverrides[] | Optional. Configuration for overriding threat actions by severity match. |
threatOverrides[] | Optional. Configuration for overriding threat actions by threatId match. If a threat is matched both by configuration provided in severityOverrides and threatOverrides, the threatOverrides action is applied. |
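The precedence rule above, as an added example that is not part of the original reference: `effective_override` resolves which override applies to a threat, and `lint_profile` checks a profile dict against the constraints this page states. The function names, the sample profile, the `EXAMPLE-THREAT-ID` placeholder, the ALLOW-on-HIGH/CRITICAL review finding and the treatment of `*_UNSPECIFIED` values as missing are assumptions of this example.

```python
# Enum values copied from this page; *_UNSPECIFIED is treated as missing (assumption).
SEVERITIES = ("INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL")
ACTIONS = ("DEFAULT_ACTION", "ALLOW", "ALERT", "DENY")

def effective_override(tpp, threat_id, severity):
    """Return the override action for one threat, or None if no override matches."""
    for o in tpp.get("threatOverrides", []):      # threatId match takes precedence
        if o.get("threatId") == threat_id:
            return o.get("action")
    for o in tpp.get("severityOverrides", []):    # otherwise fall back to severity match
        if o.get("severity") == severity:
            return o.get("action")
    return None

def lint_profile(profile):
    """Check a SecurityProfile dict against the constraints stated on this page."""
    findings = []
    if len(profile.get("description", "")) > 512:
        findings.append("description: longer than 512 characters")
    tpp = profile.get("threatPreventionProfile")
    if (profile.get("type") == "THREAT_PREVENTION") != (tpp is not None):
        findings.append("type: does not correspond to the profile union field")
    tpp = tpp or {}
    for i, o in enumerate(tpp.get("severityOverrides", [])):
        if o.get("severity") not in SEVERITIES:
            findings.append(f"severityOverrides[{i}]: severity missing or invalid")
        if o.get("action") not in ACTIONS:
            findings.append(f"severityOverrides[{i}]: action missing or invalid")
        # Review policy of this example, not an API rule: ALLOW is the one
        # action described here without a threat_log entry.
        if o.get("action") == "ALLOW" and o.get("severity") in ("HIGH", "CRITICAL"):
            findings.append(f"severityOverrides[{i}]: ALLOW on {o['severity']}")
    for i, o in enumerate(tpp.get("threatOverrides", [])):
        if not o.get("threatId"):
            findings.append(f"threatOverrides[{i}]: threatId is required")
        if o.get("action") not in ACTIONS:
            findings.append(f"threatOverrides[{i}]: action missing or invalid")
    return findings

# Constructed sample profile; the threatId value is a placeholder.
SAMPLE = {
    "type": "THREAT_PREVENTION",
    "threatPreventionProfile": {
        "severityOverrides": [{"severity": "CRITICAL", "action": "DENY"},
                              {"severity": "HIGH", "action": "ALLOW"}],
        "threatOverrides": [{"threatId": "EXAMPLE-THREAT-ID", "action": "ALERT"}],
    },
}
```

In the sample, a CRITICAL threat with the placeholder ID resolves to ALERT rather than DENY, which is the kind of per-threat downgrade worth reviewing when auditing a profile.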
SeverityOverride
Defines what action to take for a specific severity match.
JSON representation |
---|
{ "severity": enum ( |
Fields | |
---|---|
severity | Required. Severity level to match. |
action | Required. Threat action override. |
Severity
Severity level.
Enums | |
---|---|
SEVERITY_UNSPECIFIED | Severity level not specified. |
INFORMATIONAL | Suspicious events that do not pose an immediate threat, but that are reported to call attention to deeper problems that could possibly exist. |
LOW | Warning-level threats that have very little impact on an organization's infrastructure. They usually require local or physical system access and may often result in victim privacy issues and information leakage. |
MEDIUM | Minor threats in which impact is minimized, that do not compromise the target, or exploits that require an attacker to reside on the same local network as the victim, affect only non-standard configurations or obscure applications, or provide very limited access. |
HIGH | Threats that have the ability to become critical but have mitigating factors; for example, they may be difficult to exploit, do not result in elevated privileges, or do not have a large victim pool. |
CRITICAL | Serious threats, such as those that affect default installations of widely deployed software, result in root compromise of servers, and for which exploit code is widely available to attackers. The attacker usually does not need any special authentication credentials or knowledge about the individual victims, and the target does not need to be manipulated into performing any special functions. |
ThreatAction
Threat action override.
Enums | |
---|---|
THREAT_ACTION_UNSPECIFIED | Threat action not specified. |
DEFAULT_ACTION | The default action (as specified by the vendor) is taken. |
ALLOW | The packet matching this rule will be allowed to transmit. |
ALERT | The packet matching this rule will be allowed to transmit, but a threat_log entry will be sent to the consumer project. |
DENY | The packet matching this rule will be dropped, and a threat_log entry will be sent to the consumer project. |
ThreatOverride
Defines what action to take for a specific threatId match.
JSON representation |
---|
{ "threatId": string, "type": enum ( |
Fields | |
---|---|
threatId | Required. Vendor-specific ID of a threat to override. |
type | Output only. Type of the threat (read only). |
action | Required. Threat action override. For some threat types, only a subset of actions applies. |
ThreatType
Type of threat.
Enums | |
---|---|
THREAT_TYPE_UNSPECIFIED | Type of threat not specified. |
UNKNOWN | Type of threat is not derivable from threat ID. An override will be created for all types. The firewall will ignore overridden signature IDs that don't exist in the specific type. |
VULNERABILITY | Threats related to system flaws that an attacker might otherwise attempt to exploit. |
ANTIVIRUS | Threats related to viruses and malware found in executables and file types. |
SPYWARE | Threats related to command-and-control (C2) activity, where spyware on an infected client is collecting data without the user's consent and/or communicating with a remote attacker. |
DNS | Threats related to DNS. |
ProfileType
The possible types that the SecurityProfile resource can configure.
Enums | |
---|---|
PROFILE_TYPE_UNSPECIFIED | Profile type not specified. |
THREAT_PREVENTION | Profile type for threat prevention. |
Methods | |
---|---|
| Creates a new SecurityProfile in a given organization and location. |
| Deletes a single SecurityProfile. |
| Gets details of a single SecurityProfile. |
| Lists SecurityProfiles in a given organization and location. |
| Updates the parameters of a single SecurityProfile. |