852 lines
30 KiB
Ruby
852 lines
30 KiB
Ruby
# Copyright 2015 Google Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
require 'date'
|
|
require 'google/apis/core/base_service'
|
|
require 'google/apis/core/json_representation'
|
|
require 'google/apis/core/hashable'
|
|
require 'google/apis/errors'
|
|
|
|
module Google
|
|
module Apis
|
|
module AlertcenterV1beta1
|
|
|
|
# Alerts for user account warning events.
|
|
class AccountWarning
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# Required. The email of the user that this event belongs to.
|
|
# Corresponds to the JSON property `email`
|
|
# @return [String]
|
|
attr_accessor :email
|
|
|
|
# The details of the login action.
|
|
# Corresponds to the JSON property `loginDetails`
|
|
# @return [Google::Apis::AlertcenterV1beta1::LoginDetails]
|
|
attr_accessor :login_details
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@email = args[:email] if args.key?(:email)
|
|
@login_details = args[:login_details] if args.key?(:login_details)
|
|
end
|
|
end
|
|
|
|
# An alert affecting a customer.
|
|
# All fields are read-only once created.
|
|
class Alert
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# Output only. The unique identifier for the alert.
|
|
# Corresponds to the JSON property `alertId`
|
|
# @return [String]
|
|
attr_accessor :alert_id
|
|
|
|
# Output only. The time this alert was created.
|
|
# Corresponds to the JSON property `createTime`
|
|
# @return [String]
|
|
attr_accessor :create_time
|
|
|
|
# Output only. The unique identifier of the Google account of the customer.
|
|
# Corresponds to the JSON property `customerId`
|
|
# @return [String]
|
|
attr_accessor :customer_id
|
|
|
|
# Optional. The data associated with this alert, for example
|
|
# google.apps.alertcenter.type.DeviceCompromised.
|
|
# Corresponds to the JSON property `data`
|
|
# @return [Hash<String,Object>]
|
|
attr_accessor :data
|
|
|
|
# Output only. `True` if this alert is marked for deletion.
|
|
# Corresponds to the JSON property `deleted`
|
|
# @return [Boolean]
|
|
attr_accessor :deleted
|
|
alias_method :deleted?, :deleted
|
|
|
|
# Optional. The time the event that caused this alert ceased being active.
|
|
# If provided, the end time must not be earlier than the start time.
|
|
# If not provided, the end time defaults to the start time.
|
|
# Corresponds to the JSON property `endTime`
|
|
# @return [String]
|
|
attr_accessor :end_time
|
|
|
|
# Output only. An optional
|
|
# [Security Investigation Tool](https://support.google.com/a/answer/7575955)
|
|
# query for this alert.
|
|
# Corresponds to the JSON property `securityInvestigationToolLink`
|
|
# @return [String]
|
|
attr_accessor :security_investigation_tool_link
|
|
|
|
# Required. A unique identifier for the system that is reported the alert.
|
|
# Supported sources are any of the following:
|
|
# * Google Operations
|
|
# * Mobile device management
|
|
# * Gmail phishing
|
|
# * Domain wide takeout
|
|
# * Government attack warning
|
|
# * Google identity
|
|
# Corresponds to the JSON property `source`
|
|
# @return [String]
|
|
attr_accessor :source
|
|
|
|
# Required. The time the event that caused this alert was started or
|
|
# detected.
|
|
# Corresponds to the JSON property `startTime`
|
|
# @return [String]
|
|
attr_accessor :start_time
|
|
|
|
# Required. The type of the alert.
|
|
# For a list of available alert types see
|
|
# [G Suite Alert types](/admin-sdk/alertcenter/reference/alert-types).
|
|
# Corresponds to the JSON property `type`
|
|
# @return [String]
|
|
attr_accessor :type
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@alert_id = args[:alert_id] if args.key?(:alert_id)
|
|
@create_time = args[:create_time] if args.key?(:create_time)
|
|
@customer_id = args[:customer_id] if args.key?(:customer_id)
|
|
@data = args[:data] if args.key?(:data)
|
|
@deleted = args[:deleted] if args.key?(:deleted)
|
|
@end_time = args[:end_time] if args.key?(:end_time)
|
|
@security_investigation_tool_link = args[:security_investigation_tool_link] if args.key?(:security_investigation_tool_link)
|
|
@source = args[:source] if args.key?(:source)
|
|
@start_time = args[:start_time] if args.key?(:start_time)
|
|
@type = args[:type] if args.key?(:type)
|
|
end
|
|
end
|
|
|
|
# A customer feedback about an alert.
|
|
class AlertFeedback
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# Output only. The alert identifier.
|
|
# Corresponds to the JSON property `alertId`
|
|
# @return [String]
|
|
attr_accessor :alert_id
|
|
|
|
# Output only. The time this feedback was created.
|
|
# Corresponds to the JSON property `createTime`
|
|
# @return [String]
|
|
attr_accessor :create_time
|
|
|
|
# Output only. The unique identifier of the Google account of the customer.
|
|
# Corresponds to the JSON property `customerId`
|
|
# @return [String]
|
|
attr_accessor :customer_id
|
|
|
|
# Output only. The email of the user that provided the feedback.
|
|
# Corresponds to the JSON property `email`
|
|
# @return [String]
|
|
attr_accessor :email
|
|
|
|
# Output only. The unique identifier for the feedback.
|
|
# Corresponds to the JSON property `feedbackId`
|
|
# @return [String]
|
|
attr_accessor :feedback_id
|
|
|
|
# Required. The type of the feedback.
|
|
# Corresponds to the JSON property `type`
|
|
# @return [String]
|
|
attr_accessor :type
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@alert_id = args[:alert_id] if args.key?(:alert_id)
|
|
@create_time = args[:create_time] if args.key?(:create_time)
|
|
@customer_id = args[:customer_id] if args.key?(:customer_id)
|
|
@email = args[:email] if args.key?(:email)
|
|
@feedback_id = args[:feedback_id] if args.key?(:feedback_id)
|
|
@type = args[:type] if args.key?(:type)
|
|
end
|
|
end
|
|
|
|
# Attachment with application-specific information about an alert.
|
|
class Attachment
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# A representation of a CSV file attachment, as a list of column headers and
|
|
# a list of data rows.
|
|
# Corresponds to the JSON property `csv`
|
|
# @return [Google::Apis::AlertcenterV1beta1::Csv]
|
|
attr_accessor :csv
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@csv = args[:csv] if args.key?(:csv)
|
|
end
|
|
end
|
|
|
|
# Alert for setting the domain or IP that malicious email comes from as
|
|
# whitelisted domain or IP in Gmail advanced settings.
|
|
class BadWhitelist
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# Domain ID of Gmail phishing alerts.
|
|
# Corresponds to the JSON property `domainId`
|
|
# @return [Google::Apis::AlertcenterV1beta1::DomainId]
|
|
attr_accessor :domain_id
|
|
|
|
# Entity whose actions triggered a Gmail phishing alert.
|
|
# Corresponds to the JSON property `maliciousEntity`
|
|
# @return [Google::Apis::AlertcenterV1beta1::MaliciousEntity]
|
|
attr_accessor :malicious_entity
|
|
|
|
# The list of messages contained by this alert.
|
|
# Corresponds to the JSON property `messages`
|
|
# @return [Array<Google::Apis::AlertcenterV1beta1::GmailMessageInfo>]
|
|
attr_accessor :messages
|
|
|
|
# The source IP address of the malicious email, for example,
|
|
# `127.0.0.1`.
|
|
# Corresponds to the JSON property `sourceIp`
|
|
# @return [String]
|
|
attr_accessor :source_ip
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@domain_id = args[:domain_id] if args.key?(:domain_id)
|
|
@malicious_entity = args[:malicious_entity] if args.key?(:malicious_entity)
|
|
@messages = args[:messages] if args.key?(:messages)
|
|
@source_ip = args[:source_ip] if args.key?(:source_ip)
|
|
end
|
|
end
|
|
|
|
# A representation of a CSV file attachment, as a list of column headers and
|
|
# a list of data rows.
|
|
class Csv
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The list of data rows in a CSV file, as string arrays rather than as a
|
|
# single comma-separated string.
|
|
# Corresponds to the JSON property `dataRows`
|
|
# @return [Array<Google::Apis::AlertcenterV1beta1::CsvRow>]
|
|
attr_accessor :data_rows
|
|
|
|
# The list of headers for data columns in a CSV file.
|
|
# Corresponds to the JSON property `headers`
|
|
# @return [Array<String>]
|
|
attr_accessor :headers
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@data_rows = args[:data_rows] if args.key?(:data_rows)
|
|
@headers = args[:headers] if args.key?(:headers)
|
|
end
|
|
end
|
|
|
|
# A representation of a single data row in a CSV file.
|
|
class CsvRow
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The data entries in a CSV file row, as a string array rather than a
|
|
# single comma-separated string.
|
|
# Corresponds to the JSON property `entries`
|
|
# @return [Array<String>]
|
|
attr_accessor :entries
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@entries = args[:entries] if args.key?(:entries)
|
|
end
|
|
end
|
|
|
|
# A mobile device compromised alert. Derived from audit logs.
|
|
class DeviceCompromised
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The email of the user this alert was created for.
|
|
# Corresponds to the JSON property `email`
|
|
# @return [String]
|
|
attr_accessor :email
|
|
|
|
# Required. The list of security events.
|
|
# Corresponds to the JSON property `events`
|
|
# @return [Array<Google::Apis::AlertcenterV1beta1::DeviceCompromisedSecurityDetail>]
|
|
attr_accessor :events
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@email = args[:email] if args.key?(:email)
|
|
@events = args[:events] if args.key?(:events)
|
|
end
|
|
end
|
|
|
|
# Detailed information of a single MDM device compromised event.
|
|
class DeviceCompromisedSecurityDetail
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The device compromised state. Possible values are "`Compromised`" or
|
|
# "`Not Compromised`".
|
|
# Corresponds to the JSON property `deviceCompromisedState`
|
|
# @return [String]
|
|
attr_accessor :device_compromised_state
|
|
|
|
# Required. The device ID.
|
|
# Corresponds to the JSON property `deviceId`
|
|
# @return [String]
|
|
attr_accessor :device_id
|
|
|
|
# The model of the device.
|
|
# Corresponds to the JSON property `deviceModel`
|
|
# @return [String]
|
|
attr_accessor :device_model
|
|
|
|
# The type of the device.
|
|
# Corresponds to the JSON property `deviceType`
|
|
# @return [String]
|
|
attr_accessor :device_type
|
|
|
|
# Required for iOS, empty for others.
|
|
# Corresponds to the JSON property `iosVendorId`
|
|
# @return [String]
|
|
attr_accessor :ios_vendor_id
|
|
|
|
# The device resource ID.
|
|
# Corresponds to the JSON property `resourceId`
|
|
# @return [String]
|
|
attr_accessor :resource_id
|
|
|
|
# The serial number of the device.
|
|
# Corresponds to the JSON property `serialNumber`
|
|
# @return [String]
|
|
attr_accessor :serial_number
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@device_compromised_state = args[:device_compromised_state] if args.key?(:device_compromised_state)
|
|
@device_id = args[:device_id] if args.key?(:device_id)
|
|
@device_model = args[:device_model] if args.key?(:device_model)
|
|
@device_type = args[:device_type] if args.key?(:device_type)
|
|
@ios_vendor_id = args[:ios_vendor_id] if args.key?(:ios_vendor_id)
|
|
@resource_id = args[:resource_id] if args.key?(:resource_id)
|
|
@serial_number = args[:serial_number] if args.key?(:serial_number)
|
|
end
|
|
end
|
|
|
|
# Domain ID of Gmail phishing alerts.
|
|
class DomainId
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The primary domain for the customer.
|
|
# Corresponds to the JSON property `customerPrimaryDomain`
|
|
# @return [String]
|
|
attr_accessor :customer_primary_domain
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@customer_primary_domain = args[:customer_primary_domain] if args.key?(:customer_primary_domain)
|
|
end
|
|
end
|
|
|
|
# A takeout operation for the entire domain was initiated by an admin. Derived
|
|
# from audit logs.
|
|
class DomainWideTakeoutInitiated
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The email of the admin who initiated the takeout.
|
|
# Corresponds to the JSON property `email`
|
|
# @return [String]
|
|
attr_accessor :email
|
|
|
|
# The takeout request ID.
|
|
# Corresponds to the JSON property `takeoutRequestId`
|
|
# @return [String]
|
|
attr_accessor :takeout_request_id
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@email = args[:email] if args.key?(:email)
|
|
@takeout_request_id = args[:takeout_request_id] if args.key?(:takeout_request_id)
|
|
end
|
|
end
|
|
|
|
# A generic empty message that you can re-use to avoid defining duplicated
|
|
# empty messages in your APIs. A typical example is to use it as the request
|
|
# or the response type of an API method. For instance:
|
|
# service Foo `
|
|
# rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
|
|
# `
|
|
# The JSON representation for `Empty` is empty JSON object ````.
|
|
class Empty
|
|
include Google::Apis::Core::Hashable
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
end
|
|
end
|
|
|
|
# Details of a message in phishing spike alert.
|
|
class GmailMessageInfo
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The `SHA256` hash of email's attachment and all MIME parts.
|
|
# Corresponds to the JSON property `attachmentsSha256Hash`
|
|
# @return [Array<String>]
|
|
attr_accessor :attachments_sha256_hash
|
|
|
|
# The date the malicious email was sent.
|
|
# Corresponds to the JSON property `date`
|
|
# @return [String]
|
|
attr_accessor :date
|
|
|
|
# The hash of the message body text.
|
|
# Corresponds to the JSON property `md5HashMessageBody`
|
|
# @return [String]
|
|
attr_accessor :md5_hash_message_body
|
|
|
|
# The MD5 Hash of email's subject (only available for reported emails).
|
|
# Corresponds to the JSON property `md5HashSubject`
|
|
# @return [String]
|
|
attr_accessor :md5_hash_subject
|
|
|
|
# The snippet of the message body text (only available for reported emails).
|
|
# Corresponds to the JSON property `messageBodySnippet`
|
|
# @return [String]
|
|
attr_accessor :message_body_snippet
|
|
|
|
# The message ID.
|
|
# Corresponds to the JSON property `messageId`
|
|
# @return [String]
|
|
attr_accessor :message_id
|
|
|
|
# The recipient of this email.
|
|
# Corresponds to the JSON property `recipient`
|
|
# @return [String]
|
|
attr_accessor :recipient
|
|
|
|
# The email subject text (only available for reported emails).
|
|
# Corresponds to the JSON property `subjectText`
|
|
# @return [String]
|
|
attr_accessor :subject_text
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@attachments_sha256_hash = args[:attachments_sha256_hash] if args.key?(:attachments_sha256_hash)
|
|
@date = args[:date] if args.key?(:date)
|
|
@md5_hash_message_body = args[:md5_hash_message_body] if args.key?(:md5_hash_message_body)
|
|
@md5_hash_subject = args[:md5_hash_subject] if args.key?(:md5_hash_subject)
|
|
@message_body_snippet = args[:message_body_snippet] if args.key?(:message_body_snippet)
|
|
@message_id = args[:message_id] if args.key?(:message_id)
|
|
@recipient = args[:recipient] if args.key?(:recipient)
|
|
@subject_text = args[:subject_text] if args.key?(:subject_text)
|
|
end
|
|
end
|
|
|
|
# An incident reported by Google Operations for a G Suite application.
|
|
class GoogleOperations
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The list of emails which correspond to the users directly affected by the
|
|
# incident.
|
|
# Corresponds to the JSON property `affectedUserEmails`
|
|
# @return [Array<String>]
|
|
attr_accessor :affected_user_emails
|
|
|
|
# Attachment with application-specific information about an alert.
|
|
# Corresponds to the JSON property `attachmentData`
|
|
# @return [Google::Apis::AlertcenterV1beta1::Attachment]
|
|
attr_accessor :attachment_data
|
|
|
|
# A detailed, freeform incident description.
|
|
# Corresponds to the JSON property `description`
|
|
# @return [String]
|
|
attr_accessor :description
|
|
|
|
# A one-line incident description.
|
|
# Corresponds to the JSON property `title`
|
|
# @return [String]
|
|
attr_accessor :title
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@affected_user_emails = args[:affected_user_emails] if args.key?(:affected_user_emails)
|
|
@attachment_data = args[:attachment_data] if args.key?(:attachment_data)
|
|
@description = args[:description] if args.key?(:description)
|
|
@title = args[:title] if args.key?(:title)
|
|
end
|
|
end
|
|
|
|
# Response message for an alert feedback listing request.
|
|
class ListAlertFeedbackResponse
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The list of alert feedback.
|
|
# Feedback entries for each alert are ordered by creation time descending.
|
|
# Corresponds to the JSON property `feedback`
|
|
# @return [Array<Google::Apis::AlertcenterV1beta1::AlertFeedback>]
|
|
attr_accessor :feedback
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@feedback = args[:feedback] if args.key?(:feedback)
|
|
end
|
|
end
|
|
|
|
# Response message for an alert listing request.
|
|
class ListAlertsResponse
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The list of alerts.
|
|
# Corresponds to the JSON property `alerts`
|
|
# @return [Array<Google::Apis::AlertcenterV1beta1::Alert>]
|
|
attr_accessor :alerts
|
|
|
|
# The token for the next page. If not empty, indicates that there may be more
|
|
# alerts that match the listing request; this value can be used in a
|
|
# subsequent ListAlertsRequest to get alerts continuing from last result
|
|
# of the current list call.
|
|
# Corresponds to the JSON property `nextPageToken`
|
|
# @return [String]
|
|
attr_accessor :next_page_token
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@alerts = args[:alerts] if args.key?(:alerts)
|
|
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
|
end
|
|
end
|
|
|
|
# The details of the login action.
|
|
class LoginDetails
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# Optional. The human-readable IP address (for example,
|
|
# `11.22.33.44`) that is associated with the warning event.
|
|
# Corresponds to the JSON property `ipAddress`
|
|
# @return [String]
|
|
attr_accessor :ip_address
|
|
|
|
# Optional. The successful login time that is associated with the warning
|
|
# event. This will not be present for blocked login attempts.
|
|
# Corresponds to the JSON property `loginTime`
|
|
# @return [String]
|
|
attr_accessor :login_time
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@ip_address = args[:ip_address] if args.key?(:ip_address)
|
|
@login_time = args[:login_time] if args.key?(:login_time)
|
|
end
|
|
end
|
|
|
|
# Proto for all phishing alerts with common payload.
|
|
# Supported types are any of the following:
|
|
# * User reported phishing
|
|
# * User reported spam spike
|
|
# * Suspicious message reported
|
|
# * Phishing reclassification
|
|
# * Malware reclassification
|
|
class MailPhishing
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# Domain ID of Gmail phishing alerts.
|
|
# Corresponds to the JSON property `domainId`
|
|
# @return [Google::Apis::AlertcenterV1beta1::DomainId]
|
|
attr_accessor :domain_id
|
|
|
|
# If `true`, the email originated from within the organization.
|
|
# Corresponds to the JSON property `isInternal`
|
|
# @return [Boolean]
|
|
attr_accessor :is_internal
|
|
alias_method :is_internal?, :is_internal
|
|
|
|
# Entity whose actions triggered a Gmail phishing alert.
|
|
# Corresponds to the JSON property `maliciousEntity`
|
|
# @return [Google::Apis::AlertcenterV1beta1::MaliciousEntity]
|
|
attr_accessor :malicious_entity
|
|
|
|
# The list of messages contained by this alert.
|
|
# Corresponds to the JSON property `messages`
|
|
# @return [Array<Google::Apis::AlertcenterV1beta1::GmailMessageInfo>]
|
|
attr_accessor :messages
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@domain_id = args[:domain_id] if args.key?(:domain_id)
|
|
@is_internal = args[:is_internal] if args.key?(:is_internal)
|
|
@malicious_entity = args[:malicious_entity] if args.key?(:malicious_entity)
|
|
@messages = args[:messages] if args.key?(:messages)
|
|
end
|
|
end
|
|
|
|
# Entity whose actions triggered a Gmail phishing alert.
|
|
class MaliciousEntity
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The sender email address.
|
|
# Corresponds to the JSON property `fromHeader`
|
|
# @return [String]
|
|
attr_accessor :from_header
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@from_header = args[:from_header] if args.key?(:from_header)
|
|
end
|
|
end
|
|
|
|
# Alert for a spike in user reported phishing.
|
|
# <aside class="warning"><b>Warning</b>: This type has been deprecated. Use
|
|
# [MailPhishing](/admin-sdk/alertcenter/reference/rest/v1beta1/MailPhishing)
|
|
# instead.</aside>
|
|
class PhishingSpike
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# Domain ID of Gmail phishing alerts.
|
|
# Corresponds to the JSON property `domainId`
|
|
# @return [Google::Apis::AlertcenterV1beta1::DomainId]
|
|
attr_accessor :domain_id
|
|
|
|
# If `true`, the email originated from within the organization.
|
|
# Corresponds to the JSON property `isInternal`
|
|
# @return [Boolean]
|
|
attr_accessor :is_internal
|
|
alias_method :is_internal?, :is_internal
|
|
|
|
# Entity whose actions triggered a Gmail phishing alert.
|
|
# Corresponds to the JSON property `maliciousEntity`
|
|
# @return [Google::Apis::AlertcenterV1beta1::MaliciousEntity]
|
|
attr_accessor :malicious_entity
|
|
|
|
# The list of messages contained by this alert.
|
|
# Corresponds to the JSON property `messages`
|
|
# @return [Array<Google::Apis::AlertcenterV1beta1::GmailMessageInfo>]
|
|
attr_accessor :messages
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@domain_id = args[:domain_id] if args.key?(:domain_id)
|
|
@is_internal = args[:is_internal] if args.key?(:is_internal)
|
|
@malicious_entity = args[:malicious_entity] if args.key?(:malicious_entity)
|
|
@messages = args[:messages] if args.key?(:messages)
|
|
end
|
|
end
|
|
|
|
# A state-sponsored attack alert. Derived from audit logs.
|
|
class StateSponsoredAttack
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The email of the user this incident was created for.
|
|
# Corresponds to the JSON property `email`
|
|
# @return [String]
|
|
attr_accessor :email
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@email = args[:email] if args.key?(:email)
|
|
end
|
|
end
|
|
|
|
# A mobile suspicious activity alert. Derived from audit logs.
|
|
class SuspiciousActivity
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# The email of the user this alert was created for.
|
|
# Corresponds to the JSON property `email`
|
|
# @return [String]
|
|
attr_accessor :email
|
|
|
|
# Required. The list of security events.
|
|
# Corresponds to the JSON property `events`
|
|
# @return [Array<Google::Apis::AlertcenterV1beta1::SuspiciousActivitySecurityDetail>]
|
|
attr_accessor :events
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@email = args[:email] if args.key?(:email)
|
|
@events = args[:events] if args.key?(:events)
|
|
end
|
|
end
|
|
|
|
# Detailed information of a single MDM suspicious activity event.
|
|
class SuspiciousActivitySecurityDetail
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# Required. The device ID.
|
|
# Corresponds to the JSON property `deviceId`
|
|
# @return [String]
|
|
attr_accessor :device_id
|
|
|
|
# The model of the device.
|
|
# Corresponds to the JSON property `deviceModel`
|
|
# @return [String]
|
|
attr_accessor :device_model
|
|
|
|
# The device property which was changed.
|
|
# Corresponds to the JSON property `deviceProperty`
|
|
# @return [String]
|
|
attr_accessor :device_property
|
|
|
|
# The type of the device.
|
|
# Corresponds to the JSON property `deviceType`
|
|
# @return [String]
|
|
attr_accessor :device_type
|
|
|
|
# Required for iOS, empty for others.
|
|
# Corresponds to the JSON property `iosVendorId`
|
|
# @return [String]
|
|
attr_accessor :ios_vendor_id
|
|
|
|
# The new value of the device property after the change.
|
|
# Corresponds to the JSON property `newValue`
|
|
# @return [String]
|
|
attr_accessor :new_value
|
|
|
|
# The old value of the device property before the change.
|
|
# Corresponds to the JSON property `oldValue`
|
|
# @return [String]
|
|
attr_accessor :old_value
|
|
|
|
# The device resource ID.
|
|
# Corresponds to the JSON property `resourceId`
|
|
# @return [String]
|
|
attr_accessor :resource_id
|
|
|
|
# The serial number of the device.
|
|
# Corresponds to the JSON property `serialNumber`
|
|
# @return [String]
|
|
attr_accessor :serial_number
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@device_id = args[:device_id] if args.key?(:device_id)
|
|
@device_model = args[:device_model] if args.key?(:device_model)
|
|
@device_property = args[:device_property] if args.key?(:device_property)
|
|
@device_type = args[:device_type] if args.key?(:device_type)
|
|
@ios_vendor_id = args[:ios_vendor_id] if args.key?(:ios_vendor_id)
|
|
@new_value = args[:new_value] if args.key?(:new_value)
|
|
@old_value = args[:old_value] if args.key?(:old_value)
|
|
@resource_id = args[:resource_id] if args.key?(:resource_id)
|
|
@serial_number = args[:serial_number] if args.key?(:serial_number)
|
|
end
|
|
end
|
|
|
|
# A request to undelete a specific alert that was marked for deletion.
|
|
class UndeleteAlertRequest
|
|
include Google::Apis::Core::Hashable
|
|
|
|
# Optional. The unique identifier of the G Suite organization account of the
|
|
# customer the alert is associated with.
|
|
# Inferred from the caller identity if not provided.
|
|
# Corresponds to the JSON property `customerId`
|
|
# @return [String]
|
|
attr_accessor :customer_id
|
|
|
|
def initialize(**args)
|
|
update!(**args)
|
|
end
|
|
|
|
# Update properties of this object
|
|
def update!(**args)
|
|
@customer_id = args[:customer_id] if args.key?(:customer_id)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|