REST Resource: projects.locations.instances.enrichmentControls

Resource: EnrichmentControl

An EnrichmentControl resource represents a control to an enrichment. Enrichment is the process of populating UDM events with more useful information. An enrichment control can have multiple records. Each record has a time range and a description. When an enrichment control is created for the first time, a new EnrichmentControl resource is generated, along with an initial record whose time range begins at the creation time. For subsequent creation requests for the same control, the existing EnrichmentControl resource is returned, and a new record with a start time of the current creation time is added. Disabling an enrichment control involves updating the end time of the most recent record associated with that EnrichmentControl resource to the disabling time.

JSON representation 
{
  "name": string,
  "enrichmentControlOption": {
    object (EnrichmentControlOption)
  },
  "state": enum (State),
  "displayName": string,
  "description": string,
  "records": [
    {
      object (EnrichmentControlRecord)
    }
  ]
}
Fields
name

string

Identifier. The resource name of the EnrichmentControl. Format: projects/{project}/locations/{location}/instances/{instance}/enrichmentControls/{enrichmentControl}
enrichmentControlOption

object (EnrichmentControlOption)

Required. The options to control the enrichment.
state
(deprecated)

enum (State)

Output only. The EnrichmentControl resource instance state. Output only.
displayName

string

Optional. A human-readable name for this enrichment control.
description

string

Optional. A human-readable description for this enrichment control.
records[]

object (EnrichmentControlRecord)

Output only. The records of the enrichment control.

EnrichmentControlOption

The options to control the enrichment.

JSON representation 
{
  "enrichmentType": enum (EnrichmentType),
  "targetLogType": string,
  "enrichmentSource": {
    object (EnrichmentSource)
  },

  // Union field option can be only one of the following:
  "enrichmentDisablementTarget": {
    object (EnrichmentDisablementTarget)
  }
  // End of list of possible types for union field option.
}
Fields
enrichmentType

enum (EnrichmentType)

Required. The type of enrichment to be controlled.
targetLogType

string

Required. LogType of the events to be enriched. Apply to all log types if ALL_TYPE. LogType resource format: projects/{project}/locations/{location}/instances/{instance}/logTypes/{logType}
enrichmentSource

object (EnrichmentSource)

Required. The enrichment source that an enrichment is from. An enrichment source can be either a log type or an external enrichment source that does not have a log type.
Union field option. The option to control the enrichment. option can be only one of the following:
enrichmentDisablementTarget
(deprecated)

object (EnrichmentDisablementTarget)

Disable enrichment for a particular telemetry log type. This means an individual log would no longer be enriched.

EnrichmentDisablementTarget

Enrichment Target Option. This option will stop enriching events in a particular log type and event type.

JSON representation 
{
  "enrichmentType": enum (EnrichmentType),
  "logType": string,
  "eventType": enum (EventType)
}
Fields
enrichmentType

enum (EnrichmentType)

Required. The type of enrichment to disable.
logType

string

Required. Raw LogType. Apply to all log types if ALL_TYPE. If multiple controls are created for the same log type, all of the controls will be applied. If both logType and eventType are set in the same control, it will be applied to the specific event type in the specific log type. Format: projects/{project}/locations/{location}/instances/{instance}/logTypes/{logType}
eventType

enum (EventType)

Optional. The event type. Apply to all eventType if not set. If multiple controls are created for the same event type, all of the controls will be applied. If both logType and eventType are set, the control will be applied to the specific event type in the specific log type.

EnrichmentType

The type of enrichment to disable.

Enums
ENRICHMENT_TYPE_UNSPECIFIED Unspecified.
ALL_TYPES ALL enrichment types.
ASSET Asset enrichment.
USER User enrichment.
PROCESS Process enrichment.
GOOGLE_THREAT_INTEL Google Threat Intel enrichment.
GEOIP GeoIP enrichment.

EnrichmentType

The type of enrichment. It can be expanded to include more types in the future.

Enums
ENRICHMENT_TYPE_UNSPECIFIED Unspecified.
ALL_ENRICHMENT_TYPES ALL enrichment types.
ASSET_ENRICHMENT Asset enrichment.
USER_ENRICHMENT User enrichment.
PROCESS_ENRICHMENT Process enrichment.
GOOGLE_THREAT_INTEL_ENRICHMENT Google Threat Intel enrichment.
GEO_IP_ENRICHMENT GeoIP enrichment.

EnrichmentSource

The enrichment source that an enrichment is from. For source that comes from external and does not have a log type, for example, GEO_IP_SERVICE, the ExternalEnrichmentSource field should be set.

JSON representation 
{

  // Union field source can be only one of the following:
  "logType": string,
  "externalEnrichmentSource": enum (ExternalEnrichmentSource)
  // End of list of possible types for union field source.
}
Fields
Union field source. The source of an enrichment can be either a log type or an external enrichment source that does not have a log type. source can be only one of the following:
logType

string

Required. Raw LogType of an enrichment source. Format: projects/{project}/locations/{location}/instances/{instance}/logTypes/{logType}
externalEnrichmentSource

enum (ExternalEnrichmentSource)

Required. Represents an enrichment source from external that does not have a log type. For example, GEO_IP_SERVICE for enrichment from the GeoIP service.

ExternalEnrichmentSource

The external enrichment sources that do not have a log type associated with it.

Enums
EXTERNAL_ENRICHMENT_SOURCE_UNSPECIFIED Unspecified.
GEO_IP_SERVICE GeoIP service.

State

Holds the state of the EnrichmentControl resource.

Enums
STATE_UNSPECIFIED State not set.
CREATING The EnrichmentControl is being created and enforced. Newly created controls have this state. Enforcement of a control is not immediate and will take some time to be fully enforced.
CREATED The EnrichmentControl has been created and fully enforced.
DELETING The EnrichmentControl is being deleted. It will transition to this state when a user deletes the control. Deletion of the control is not immediate and will take some time to be fully enforced.
DELETED The EnrichmentControl has been deleted. It will transition to this state when the deletion of the control is fully enforced.

EnrichmentControlRecord

The activity record of an enrichment control.

JSON representation 
{
  "timeRange": {
    object (Interval)
  },
  "description": string
}
Fields
timeRange

object (Interval)

Output only. The time range of the events to apply the enrichment control. If the end time is not set, it means the control will apply to all events after the start time.
description

string

Output only. A human-readable description for this enrichment control record.

Methods

create

 Create an EnrichmentControl resource.

delete

 Delete an EnrichmentControl.

disable

 Disable an EnrichmentControl.

get

 Get an EnrichmentControl.

list

 List all EnrichmentControls.