- Resource: ConnectorConfig
- ConnectorType
- ConnectorConfigDetails
- SplunkConfig
- ReportingSettings
- DefaultEvent
- OptInEvent
- DeviceEvent
- GoogleSecOpsConfig
- PubSubConfig
- CrowdStrikeConfig
- CrowdStrikeFalconNextGenConfig
- PaloAltoNetworksConfig
- DeviceTrustConfig
- ServiceProvider
- BrowserEnforcementScope
- CrowdStrikeXdrConfig
- XdrSettings
- PubSubXdrConfig
- ConnectorConfigStatus
- ConfigState
- Methods
Resource: ConnectorConfig
A representation of a connector config.
| JSON representation |
|---|
{ "name": string, "displayName": string, "type": enum ( |
| Fields | |
|---|---|
name |
Identifier. Format: customers/{customer}/connectorConfigs/{connectorConfig} |
displayName |
Required. The display name of the config. |
type |
Required. The type of the connector. |
details |
Required. The details of the connector config. |
status |
Output only. The status of the connector config. |
ConnectorType
Options for the type of the connector config.
| Enums | |
|---|---|
CONNECTOR_TYPE_UNSPECIFIED |
Default value. This value is unused. |
REPORTING |
Reporting connector. |
DEVICE_TRUST |
Device trust connector. |
XDR |
XDR connector. |
IDENTITY_BASED_ENROLLMENT |
Authentication connector. |
CERTIFICATE_AUTHORITY |
Certificate authority connector. Not yet supported in the API. |
ROOT_STORE |
Root certificate connector. |
ConnectorConfigDetails
The details of the connector config.
| JSON representation |
|---|
{ // Union field |
| Fields | |
|---|---|
Union field details. Connector specific details. details can be only one of the following: |
|
splunkConfig |
Splunk connector config. |
googleSecOpsConfig |
Google SecOps connector config. |
pubSubConfig |
Pub/Sub connector config. |
crowdStrikeConfig |
CrowdStrike connector config. |
crowdStrikeFalconNextGenConfig |
CrowdStrike Falcon Next Gen connector config. |
paloAltoNetworksConfig |
Palo Alto Networks connector config. |
deviceTrustConfig |
Device trust connector config. |
crowdStrikeXdrConfig |
CrowdStrike XDR connector config. |
pubSubXdrConfig |
Pub/Sub XDR connector config. |
SplunkConfig
Splunk connector config.
| JSON representation |
|---|
{
"unsecureScheme": boolean,
"host": string,
"portNumber": integer,
"hecToken": string,
"source": string,
"reportingSettings": {
object ( |
| Fields | |
|---|---|
unsecureScheme |
Optional. Whether to use an unsecure HTTP scheme. Defaults to false (HTTPS). |
host |
Required. Host to identify the customer specific server to receive the events. |
portNumber |
Optional. The port number to use. If not set, the default Splunk port is used. |
hecToken |
Required. Input only. The data input's HTTP Event Collector token to use as an Authorization header. |
source |
Optional. Optional source name to override the default one set in the Splunk admin console. |
reportingSettings |
Required. The reporting settings for the Splunk config. |
ReportingSettings
Reporting settings for connector configs.
| JSON representation |
|---|
{ "enabledDefaultEvents": [ enum ( |
| Fields | |
|---|---|
enabledDefaultEvents[] |
Optional. The list of user and browser events that are enabled for this connector. An empty list disables all default events, and using |
enabledOptInEvents[] |
Optional. The list of opt-in events that are enabled for this config. An empty list disables all opt-in events, and using |
enabledDeviceEvents[] |
Optional. The list of device events that are enabled for this config. An empty list disables all device events, and using |
DefaultEvent
Default reporting events. More events may be added.
| Enums | |
|---|---|
DEFAULT_EVENT_UNSPECIFIED |
Default value. This value is unused. |
ALL_DEFAULT_EVENTS |
All default events. |
BROWSER_CRASH_EVENT |
Browser crash event. |
BROWSER_EXTENSION_INSTALL_EVENT |
Browser extension install event. |
CONTENT_TRANSFER_EVENT |
Content transfer event. |
CONTENT_UNSCANNED_EVENT |
Content unscanned event. |
DATA_ACCESS_CONTROL_EVENT |
Data access control event. |
MALWARE_TRANSFER_EVENT |
Malware transfer event. |
PASSWORD_CHANGED_EVENT |
Password changed event. |
PASSWORD_REUSE_EVENT |
Password reuse event. |
SENSITIVE_DATA_TRANSFER_EVENT |
Sensitive data transfer event. |
SUSPICIOUS_URL_EVENT |
Suspicious URL event. |
UNSAFE_SITE_VISIT_EVENT |
Unsafe site visit event. |
URL_FILTERING_INTERSTITIAL_EVENT |
URL filtering interstitial event. |
OptInEvent
Opt-in reporting events. More events may be added.
| Enums | |
|---|---|
OPT_IN_EVENT_UNSPECIFIED |
Default value. This value is unused. |
ALL_OPT_IN_EVENTS |
All opt-in events. |
LOGIN_EVENT |
Login event. |
PASSWORD_BREACH_EVENT |
Password breach event. |
URL_NAVIGATION_EVENT |
URL navigation event. |
EXTENSION_TELEMETRY_EVENT |
Extension telemetry event. |
DeviceEvent
Device events. More events may be added.
| Enums | |
|---|---|
DEVICE_EVENT_UNSPECIFIED |
Default value. This value is unused. |
ALL_DEVICE_EVENTS |
All device events. |
ADD_REMOVE_USER_EVENT |
Add/remove user event. |
LOGIN_LOGOUT_EVENT |
Login/logout event. |
CRD_EVENT |
CRD event. |
PERIPHERAL_EVENT |
Peripheral event. |
GoogleSecOpsConfig
Google SecOps connector config.
| JSON representation |
|---|
{
"apiKey": string,
"host": string,
"reportingSettings": {
object ( |
| Fields | |
|---|---|
apiKey |
Required. Input only. API key to use on the ingestion API. |
host |
Required. Host of ingestion API endpoint. Allows customer to upload events to servers in specific geographical regions. Existing configs that don't have this setting default to US. |
reportingSettings |
Required. The reporting settings for the Google SecOps config. |
PubSubConfig
Pub/Sub connector config.
| JSON representation |
|---|
{
"topicFullPath": string,
"reportingSettings": {
object ( |
| Fields | |
|---|---|
topicFullPath |
Required. The full path to the topic to send the event to. |
reportingSettings |
Required. The reporting settings for the Pub/Sub config. |
CrowdStrikeConfig
CrowdStrike connector config.
| JSON representation |
|---|
{
"apiKey": string,
"host": string,
"reportingSettings": {
object ( |
| Fields | |
|---|---|
apiKey |
Required. Input only. API key to use on the ingestion API. |
host |
Required. Host to identify the customer specific server to receive the events. |
reportingSettings |
Required. The reporting settings for the CrowdStrike config. |
CrowdStrikeFalconNextGenConfig
CrowdStrike Falcon Next Gen connector config.
| JSON representation |
|---|
{
"apiKey": string,
"host": string,
"reportingSettings": {
object ( |
| Fields | |
|---|---|
apiKey |
Required. Input only. API key to use on the ingestion API. |
host |
Required. Host to identify the customer specific server to receive the events. |
reportingSettings |
Required. The reporting settings for the CrowdStrike Falcon Next Gen config. |
PaloAltoNetworksConfig
Palo Alto Networks connector config.
| JSON representation |
|---|
{
"apiKey": string,
"host": string,
"reportingSettings": {
object ( |
| Fields | |
|---|---|
apiKey |
Required. Input only. API key to use on the ingestion API. |
host |
Required. Host to identify the customer specific server to receive the events. |
reportingSettings |
Required. The reporting settings for the Palo Alto Networks config. |
DeviceTrustConfig
Device trust config for device trust connectors.
| JSON representation |
|---|
{ "serviceProvider": enum ( |
| Fields | |
|---|---|
serviceProvider |
Optional. The service provider for the device trust connector. |
urlMatchers[] |
Required. List of URLs allowed to be part of the attestation flow to get the set of signals from the machine. URLs must have HTTPS scheme, e.g. "https://example.com". Wildcards, *, are allowed. For detailed information on valid URL patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns. |
serviceAccounts[] |
Required. A list of email addresses of the service accounts which are allowed to call the Verified Access API with full access. |
scope |
Required. The scope at which this configuration will be applied. Note that this only applies to Chrome browser, as in ChromeOS it's always applied. |
ServiceProvider
The service provider for the device trust connector.
| Enums | |
|---|---|
SERVICE_PROVIDER_UNSPECIFIED |
Default value. |
UNIVERSAL_DEVICE_TRUST |
Universal device trust connector. |
OKTA |
Okta service provider. |
PING_IDENTITY |
Ping Identity service provider. |
ONELOGIN |
OneLogin service provider. |
DUO |
Duo service provider. |
ZSCALER |
Zscaler service provider. |
OMNISSA |
Omnissa service provider. |
JUMPCLOUD |
JumpCloud service provider. |
BrowserEnforcementScope
The enforcement level of the device trust connector.
| Enums | |
|---|---|
BROWSER_ENFORCEMENT_SCOPE_UNSPECIFIED |
Default value. This value is unused. |
BROWSERS_ONLY |
Only browsers are enforced. |
PROFILES_ONLY |
Only profiles are enforced. |
BROWSERS_AND_PROFILES |
Both browsers and profiles are enforced. |
CrowdStrikeXdrConfig
CrowdStrike XDR connector config.
| JSON representation |
|---|
{
"apiKey": string,
"host": string,
"xdrSettings": {
object ( |
| Fields | |
|---|---|
apiKey |
Required. Input only. API key to use on the ingestion API. |
host |
Required. Host to identify the customer specific server to receive the events. |
xdrSettings |
Required. The XDR settings for the CrowdStrike XDR config. |
XdrSettings
XDR settings for connector configs.
| JSON representation |
|---|
{ "enableAllXdrEvents": boolean } |
| Fields | |
|---|---|
enableAllXdrEvents |
Required. Whether to enable all XDR events. |
PubSubXdrConfig
Pub/Sub XDR connector config.
| JSON representation |
|---|
{
"topicFullPath": string,
"xdrSettings": {
object ( |
| Fields | |
|---|---|
topicFullPath |
Required. The full path to the topic to send the event to. |
xdrSettings |
Required. The XDR settings for the Pub/Sub XDR config. |
ConnectorConfigStatus
The status of the connector config.
| JSON representation |
|---|
{
"state": enum ( |
| Fields | |
|---|---|
state |
Output only. The state of the connector config. The connector state is disabled if the connector has not successfully sent an event in the last 24 hours. |
failureStartTime |
Output only. Field recording time of the earliest failure since the last success event. This field is only set when the state is Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
updateTime |
Output only. Field recording time of most recent modification of the status. For Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
ConfigState
The state of the connector config. More states may be added.
| Enums | |
|---|---|
CONFIG_STATE_UNKNOWN |
Default value. |
ENABLED |
The connector config is enabled. |
DISABLED_BY_FAILURES |
The connector config is transiently disabled due to failures. |
Methods |
|
|---|---|
|
Creates a connector config. |
|
Deletes a connector config. |
|
Gets a connector config with customer ID and config ID. |
|
Lists connector configs of a customer. |
|
Updates a connector config. |