...

Package logging

import "google.golang.org/genproto/googleapis/cloud/ids/logging/v1"

Overview ▾

Index ▾

Variables
type ThreatLog
    func (*ThreatLog) Descriptor() ([]byte, []int)
    func (x *ThreatLog) GetAlertSeverity() ThreatLog_Severity
    func (x *ThreatLog) GetAlertTime() *timestamppb.Timestamp
    func (x *ThreatLog) GetApplication() string
    func (x *ThreatLog) GetCategory() string
    func (x *ThreatLog) GetCves() []string
    func (x *ThreatLog) GetDestinationIpAddress() string
    func (x *ThreatLog) GetDestinationPort() int32
    func (x *ThreatLog) GetDetails() string
    func (x *ThreatLog) GetDirection() ThreatLog_Direction
    func (x *ThreatLog) GetIpProtocol() string
    func (x *ThreatLog) GetName() string
    func (x *ThreatLog) GetNetwork() string
    func (x *ThreatLog) GetRepeatCount() string
    func (x *ThreatLog) GetSessionId() string
    func (x *ThreatLog) GetSourceIpAddress() string
    func (x *ThreatLog) GetSourcePort() int32
    func (x *ThreatLog) GetThreatId() string
    func (x *ThreatLog) GetType() string
    func (x *ThreatLog) GetUriOrFilename() string
    func (*ThreatLog) ProtoMessage()
    func (x *ThreatLog) ProtoReflect() protoreflect.Message
    func (x *ThreatLog) Reset()
    func (x *ThreatLog) String() string
type ThreatLog_Direction
    func (ThreatLog_Direction) Descriptor() protoreflect.EnumDescriptor
    func (x ThreatLog_Direction) Enum() *ThreatLog_Direction
    func (ThreatLog_Direction) EnumDescriptor() ([]byte, []int)
    func (x ThreatLog_Direction) Number() protoreflect.EnumNumber
    func (x ThreatLog_Direction) String() string
    func (ThreatLog_Direction) Type() protoreflect.EnumType
type ThreatLog_Severity
    func (ThreatLog_Severity) Descriptor() protoreflect.EnumDescriptor
    func (x ThreatLog_Severity) Enum() *ThreatLog_Severity
    func (ThreatLog_Severity) EnumDescriptor() ([]byte, []int)
    func (x ThreatLog_Severity) Number() protoreflect.EnumNumber
    func (x ThreatLog_Severity) String() string
    func (ThreatLog_Severity) Type() protoreflect.EnumType
type TrafficLog
    func (*TrafficLog) Descriptor() ([]byte, []int)
    func (x *TrafficLog) GetApplication() string
    func (x *TrafficLog) GetDestinationIpAddress() string
    func (x *TrafficLog) GetDestinationPort() int32
    func (x *TrafficLog) GetElapsedTime() *durationpb.Duration
    func (x *TrafficLog) GetIpProtocol() string
    func (x *TrafficLog) GetNetwork() string
    func (x *TrafficLog) GetRepeatCount() string
    func (x *TrafficLog) GetSessionId() string
    func (x *TrafficLog) GetSourceIpAddress() string
    func (x *TrafficLog) GetSourcePort() int32
    func (x *TrafficLog) GetStartTime() *timestamppb.Timestamp
    func (x *TrafficLog) GetTotalBytes() int64
    func (x *TrafficLog) GetTotalPackets() int64
    func (*TrafficLog) ProtoMessage()
    func (x *TrafficLog) ProtoReflect() protoreflect.Message
    func (x *TrafficLog) Reset()
    func (x *TrafficLog) String() string

Package files

logging.pb.go

Variables

Enum value maps for ThreatLog_Severity.

var (
    // ThreatLog_Severity_name maps a severity's wire number to its name.
    // There is no entry for 1, so indexing with 1 (or any other unlisted
    // number) returns the empty string; use the two-value map lookup when the
    // number comes from a decoded log entry.
    ThreatLog_Severity_name = map[int32]string{
        0: "SEVERITY_UNSPECIFIED",
        2: "LOW",
        3: "MEDIUM",
        4: "HIGH",
        5: "CRITICAL",
        6: "INFORMATIONAL",
    }
    // ThreatLog_Severity_value is the inverse mapping, from name to wire number.
    // NOTE(review): INFORMATIONAL is numbered 6, above CRITICAL (5). Assuming it
    // denotes the least severe level, the numbers are not a severity ordering:
    // an alerting threshold written as "number >= HIGH" would also match
    // INFORMATIONAL. Rank severities explicitly instead of comparing numbers.
    ThreatLog_Severity_value = map[string]int32{
        "SEVERITY_UNSPECIFIED": 0,
        "LOW":                  2,
        "MEDIUM":               3,
        "HIGH":                 4,
        "CRITICAL":             5,
        "INFORMATIONAL":        6,
    }
)

Enum value maps for ThreatLog_Direction.

var (
    // ThreatLog_Direction_name maps a direction's wire number to its name.
    // Numbers outside 0-2 have no entry and index to the empty string.
    ThreatLog_Direction_name = map[int32]string{
        0: "DIRECTION_UNDEFINED",
        1: "CLIENT_TO_SERVER",
        2: "SERVER_TO_CLIENT",
    }
    // ThreatLog_Direction_value is the inverse mapping, from name to wire
    // number. A name that is not listed indexes to 0, which is also the number
    // of DIRECTION_UNDEFINED; use the two-value map lookup to tell them apart.
    ThreatLog_Direction_value = map[string]int32{
        "DIRECTION_UNDEFINED": 0,
        "CLIENT_TO_SERVER":    1,
        "SERVER_TO_CLIENT":    2,
    }
)
// File_google_cloud_ids_logging_v1_logging_proto holds a protoreflect file
// descriptor; presumably the one for the proto file behind logging.pb.go,
// which is the only file this package lists.
var File_google_cloud_ids_logging_v1_logging_proto protoreflect.FileDescriptor

type ThreatLog

A threat detected by Cloud IDS.

// ThreatLog is one threat detected by Cloud IDS.
//
// NOTE(review): several string fields (Name, Application, UriOrFilename,
// Details) presumably carry values derived from inspected traffic. Treat them
// as untrusted when rendering them in a console, building SIEM queries from
// them or writing them to line-oriented logs - confirm against the producer.
type ThreatLog struct {

    // Name of the threat, e.g. "Suspicious HTTP Evasion"
    Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
    // Unique ID of the threat.
    ThreatId string `protobuf:"bytes,13,opt,name=threat_id,json=threatId,proto3" json:"threat_id,omitempty"`
    // The time of the alert. Pointer-typed, so it is nil when the field is unset.
    AlertTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=alert_time,json=alertTime,proto3" json:"alert_time,omitempty"`
    // Severity of threat. The enum numbers are not ordered by severity name
    // (INFORMATIONAL = 6 is above CRITICAL = 5, and 1 is unassigned), so match
    // on named values rather than comparing numbers.
    AlertSeverity ThreatLog_Severity `protobuf:"varint,19,opt,name=alert_severity,json=alertSeverity,proto3,enum=google.cloud.ids.logging.v1.ThreatLog_Severity" json:"alert_severity,omitempty"`
    // The type of the threat, e.g. "Spyware".
    Type string `protobuf:"bytes,4,opt,name=type,proto3" json:"type,omitempty"`
    // Category (sub-type) of the threat, e.g. "code-execution".
    Category string `protobuf:"bytes,18,opt,name=category,proto3" json:"category,omitempty"`
    // The source IP Address of the packet, e.g. "35.191.8.79"
    // Carried as a string; the type does not guarantee a well-formed address.
    SourceIpAddress string `protobuf:"bytes,5,opt,name=source_ip_address,json=sourceIpAddress,proto3" json:"source_ip_address,omitempty"`
    // The source port of the packet, e.g. 8080
    // int32 is wider than the 0-65535 port range; range-check before narrowing.
    SourcePort int32 `protobuf:"varint,6,opt,name=source_port,json=sourcePort,proto3" json:"source_port,omitempty"`
    // The destination IP Address of the packet, e.g. "192.168.100.2"
    // Carried as a string; the type does not guarantee a well-formed address.
    DestinationIpAddress string `protobuf:"bytes,7,opt,name=destination_ip_address,json=destinationIpAddress,proto3" json:"destination_ip_address,omitempty"`
    // The destination port of the packet, e.g. 100
    // int32 is wider than the 0-65535 port range; range-check before narrowing.
    DestinationPort int32 `protobuf:"varint,8,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
    // The IP protocol of the packet, e.g. "TCP".
    IpProtocol string `protobuf:"bytes,9,opt,name=ip_protocol,json=ipProtocol,proto3" json:"ip_protocol,omitempty"`
    // The direction of the packet - an optional field. When it is not set the
    // value is ThreatLog_DIRECTION_UNDEFINED (0), so rules that filter on
    // direction need an explicit case for it.
    Direction ThreatLog_Direction `protobuf:"varint,10,opt,name=direction,proto3,enum=google.cloud.ids.logging.v1.ThreatLog_Direction" json:"direction,omitempty"`
    // ID of the Layer 4 session of the threat.
    SessionId string `protobuf:"bytes,14,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
    // Number of sessions with same source IP, destination IP, application, and
    // type seen within 5 seconds.
    // Typed as string although it is a count: parse and validate it before
    // using it in arithmetic or thresholds.
    RepeatCount string `protobuf:"bytes,15,opt,name=repeat_count,json=repeatCount,proto3" json:"repeat_count,omitempty"`
    // Application associated with the session.
    Application string `protobuf:"bytes,16,opt,name=application,proto3" json:"application,omitempty"`
    // Variable field. URI or filename of the relevant threat, if applicable.
    UriOrFilename string `protobuf:"bytes,17,opt,name=uri_or_filename,json=uriOrFilename,proto3" json:"uri_or_filename,omitempty"`
    // CVE IDs of the threat. Repeated field; nil or empty when none are given.
    Cves []string `protobuf:"bytes,20,rep,name=cves,proto3" json:"cves,omitempty"`
    // Details of the threat reported by the IDS VM
    Details string `protobuf:"bytes,11,opt,name=details,proto3" json:"details,omitempty"`
    // The network associated with the IDS Endpoint.
    Network string `protobuf:"bytes,12,opt,name=network,proto3" json:"network,omitempty"`
    // contains filtered or unexported fields
}

func (*ThreatLog) Descriptor

func (*ThreatLog) Descriptor() ([]byte, []int)

Deprecated: Use ThreatLog.ProtoReflect.Descriptor instead.

func (*ThreatLog) GetAlertSeverity

func (x *ThreatLog) GetAlertSeverity() ThreatLog_Severity

func (*ThreatLog) GetAlertTime

func (x *ThreatLog) GetAlertTime() *timestamppb.Timestamp

func (*ThreatLog) GetApplication

func (x *ThreatLog) GetApplication() string

func (*ThreatLog) GetCategory

func (x *ThreatLog) GetCategory() string

func (*ThreatLog) GetCves

func (x *ThreatLog) GetCves() []string

func (*ThreatLog) GetDestinationIpAddress

func (x *ThreatLog) GetDestinationIpAddress() string

func (*ThreatLog) GetDestinationPort

func (x *ThreatLog) GetDestinationPort() int32

func (*ThreatLog) GetDetails

func (x *ThreatLog) GetDetails() string

func (*ThreatLog) GetDirection

func (x *ThreatLog) GetDirection() ThreatLog_Direction

func (*ThreatLog) GetIpProtocol

func (x *ThreatLog) GetIpProtocol() string

func (*ThreatLog) GetName

func (x *ThreatLog) GetName() string

func (*ThreatLog) GetNetwork

func (x *ThreatLog) GetNetwork() string

func (*ThreatLog) GetRepeatCount

func (x *ThreatLog) GetRepeatCount() string

func (*ThreatLog) GetSessionId

func (x *ThreatLog) GetSessionId() string

func (*ThreatLog) GetSourceIpAddress

func (x *ThreatLog) GetSourceIpAddress() string

func (*ThreatLog) GetSourcePort

func (x *ThreatLog) GetSourcePort() int32

func (*ThreatLog) GetThreatId

func (x *ThreatLog) GetThreatId() string

func (*ThreatLog) GetType

func (x *ThreatLog) GetType() string

func (*ThreatLog) GetUriOrFilename

func (x *ThreatLog) GetUriOrFilename() string

func (*ThreatLog) ProtoMessage

func (*ThreatLog) ProtoMessage()

func (*ThreatLog) ProtoReflect

func (x *ThreatLog) ProtoReflect() protoreflect.Message

func (*ThreatLog) Reset

func (x *ThreatLog) Reset()

func (*ThreatLog) String

func (x *ThreatLog) String() string

type ThreatLog_Direction

// ThreatLog_Direction is the direction of the packet a ThreatLog refers to.
type ThreatLog_Direction int32
const (
    // Default value - permitted since Direction is optional.
    // It is also the Go zero value, so an entry that never set a direction
    // reads as this constant; do not treat it as ingress or egress.
    ThreatLog_DIRECTION_UNDEFINED ThreatLog_Direction = 0
    // Ingress traffic.
    ThreatLog_CLIENT_TO_SERVER ThreatLog_Direction = 1
    // Egress traffic.
    ThreatLog_SERVER_TO_CLIENT ThreatLog_Direction = 2
)

func (ThreatLog_Direction) Descriptor

func (ThreatLog_Direction) Descriptor() protoreflect.EnumDescriptor

func (ThreatLog_Direction) Enum

func (x ThreatLog_Direction) Enum() *ThreatLog_Direction

func (ThreatLog_Direction) EnumDescriptor

func (ThreatLog_Direction) EnumDescriptor() ([]byte, []int)

Deprecated: Use ThreatLog_Direction.Descriptor instead.

func (ThreatLog_Direction) Number

func (x ThreatLog_Direction) Number() protoreflect.EnumNumber

func (ThreatLog_Direction) String

func (x ThreatLog_Direction) String() string

func (ThreatLog_Direction) Type

func (ThreatLog_Direction) Type() protoreflect.EnumType

type ThreatLog_Severity

Describes the severity level of the threat.

// ThreatLog_Severity is the severity level attached to a ThreatLog.
//
// The numeric values are identifiers, not a ranking: 1 is unassigned and
// INFORMATIONAL (6) is numerically above CRITICAL (5).
// NOTE(review): assuming INFORMATIONAL is the least severe level, a filter
// such as "severity >= ThreatLog_HIGH" would also pass INFORMATIONAL events,
// and "severity < ThreatLog_MEDIUM" would miss them. Compare against named
// values or an explicit rank table.
type ThreatLog_Severity int32
const (
    // Default value - should never be used.
    // It is the Go zero value, so an entry with no severity set reads as this
    // constant; handle it explicitly rather than letting it fall below a
    // threshold unnoticed.
    ThreatLog_SEVERITY_UNSPECIFIED ThreatLog_Severity = 0
    ThreatLog_LOW                  ThreatLog_Severity = 2
    ThreatLog_MEDIUM               ThreatLog_Severity = 3
    ThreatLog_HIGH                 ThreatLog_Severity = 4
    ThreatLog_CRITICAL             ThreatLog_Severity = 5
    ThreatLog_INFORMATIONAL        ThreatLog_Severity = 6
)

func (ThreatLog_Severity) Descriptor

func (ThreatLog_Severity) Descriptor() protoreflect.EnumDescriptor

func (ThreatLog_Severity) Enum

func (x ThreatLog_Severity) Enum() *ThreatLog_Severity

func (ThreatLog_Severity) EnumDescriptor

func (ThreatLog_Severity) EnumDescriptor() ([]byte, []int)

Deprecated: Use ThreatLog_Severity.Descriptor instead.

func (ThreatLog_Severity) Number

func (x ThreatLog_Severity) Number() protoreflect.EnumNumber

func (ThreatLog_Severity) String

func (x ThreatLog_Severity) String() string

func (ThreatLog_Severity) Type

func (ThreatLog_Severity) Type() protoreflect.EnumType

type TrafficLog

Traffic detected by Cloud IDS. Fields taken from: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields.html.

// TrafficLog is one traffic record produced by Cloud IDS, with a session
// start time, elapsed time, endpoints and byte/packet totals.
type TrafficLog struct {

    // Time of session start. Pointer-typed, so it is nil when the field is unset.
    StartTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"`
    // Elapsed time of the session. Pointer-typed, so it is nil when the field is unset.
    ElapsedTime *durationpb.Duration `protobuf:"bytes,2,opt,name=elapsed_time,json=elapsedTime,proto3" json:"elapsed_time,omitempty"`
    // The network associated with the IDS Endpoint.
    Network string `protobuf:"bytes,3,opt,name=network,proto3" json:"network,omitempty"`
    // The source IP Address of the packet, e.g. "35.191.8.79"
    // Carried as a string; the type does not guarantee a well-formed address.
    SourceIpAddress string `protobuf:"bytes,4,opt,name=source_ip_address,json=sourceIpAddress,proto3" json:"source_ip_address,omitempty"`
    // The source port of the packet, e.g. 8080
    // int32 is wider than the 0-65535 port range; range-check before narrowing.
    SourcePort int32 `protobuf:"varint,5,opt,name=source_port,json=sourcePort,proto3" json:"source_port,omitempty"`
    // The destination IP Address of the packet, e.g. "192.168.100.2"
    // Carried as a string; the type does not guarantee a well-formed address.
    DestinationIpAddress string `protobuf:"bytes,6,opt,name=destination_ip_address,json=destinationIpAddress,proto3" json:"destination_ip_address,omitempty"`
    // The destination port of the packet, e.g. 100
    // int32 is wider than the 0-65535 port range; range-check before narrowing.
    DestinationPort int32 `protobuf:"varint,7,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
    // The IP protocol of the packet, e.g. "TCP".
    IpProtocol string `protobuf:"bytes,8,opt,name=ip_protocol,json=ipProtocol,proto3" json:"ip_protocol,omitempty"`
    // Application associated with the session.
    Application string `protobuf:"bytes,9,opt,name=application,proto3" json:"application,omitempty"`
    // ID of the session.
    // NOTE(review): the generated comment on this field reads "The direction
    // of the packet.", which does not match the field name (session_id);
    // TrafficLog has no direction field in this listing.
    SessionId string `protobuf:"bytes,12,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
    // Number of sessions with same source IP, destination IP, application, and
    // type seen within 5 seconds.
    // Typed as string although it is a count: parse and validate it before
    // using it in arithmetic or thresholds.
    RepeatCount string `protobuf:"bytes,13,opt,name=repeat_count,json=repeatCount,proto3" json:"repeat_count,omitempty"`
    // Total number of bytes transferred in the session.
    TotalBytes int64 `protobuf:"varint,14,opt,name=total_bytes,json=totalBytes,proto3" json:"total_bytes,omitempty"`
    // Total number of packets transferred in the session.
    TotalPackets int64 `protobuf:"varint,15,opt,name=total_packets,json=totalPackets,proto3" json:"total_packets,omitempty"`
    // contains filtered or unexported fields
}

func (*TrafficLog) Descriptor

func (*TrafficLog) Descriptor() ([]byte, []int)

Deprecated: Use TrafficLog.ProtoReflect.Descriptor instead.

func (*TrafficLog) GetApplication

func (x *TrafficLog) GetApplication() string

func (*TrafficLog) GetDestinationIpAddress

func (x *TrafficLog) GetDestinationIpAddress() string

func (*TrafficLog) GetDestinationPort

func (x *TrafficLog) GetDestinationPort() int32

func (*TrafficLog) GetElapsedTime

func (x *TrafficLog) GetElapsedTime() *durationpb.Duration

func (*TrafficLog) GetIpProtocol

func (x *TrafficLog) GetIpProtocol() string

func (*TrafficLog) GetNetwork

func (x *TrafficLog) GetNetwork() string

func (*TrafficLog) GetRepeatCount

func (x *TrafficLog) GetRepeatCount() string

func (*TrafficLog) GetSessionId

func (x *TrafficLog) GetSessionId() string

func (*TrafficLog) GetSourceIpAddress

func (x *TrafficLog) GetSourceIpAddress() string

func (*TrafficLog) GetSourcePort

func (x *TrafficLog) GetSourcePort() int32

func (*TrafficLog) GetStartTime

func (x *TrafficLog) GetStartTime() *timestamppb.Timestamp

func (*TrafficLog) GetTotalBytes

func (x *TrafficLog) GetTotalBytes() int64

func (*TrafficLog) GetTotalPackets

func (x *TrafficLog) GetTotalPackets() int64

func (*TrafficLog) ProtoMessage

func (*TrafficLog) ProtoMessage()

func (*TrafficLog) ProtoReflect

func (x *TrafficLog) ProtoReflect() protoreflect.Message

func (*TrafficLog) Reset

func (x *TrafficLog) Reset()

func (*TrafficLog) String

func (x *TrafficLog) String() string