- Resource: EnrichmentControl
- EnrichmentControlOption
- EnrichmentDisablementTarget
- EnrichmentType
- State
- Methods
Resource: EnrichmentControl
An EnrichmentControl resource represents a control to an enrichment. Enrichment is the process of populating UDM events with more useful information. An enrichment control can have multiple records. Each record has a time range and a description. When an enrichment control is created for the first time, a new EnrichmentControl resource is generated, along with an initial record whose time range begins at the creation time. For subsequent creation requests for the same control, the existing EnrichmentControl resource is returned, and a new record with a start time of the current creation time is added. Disabling an enrichment control involves updating the end time of the most recent record associated with that EnrichmentControl resource to the disabling time.
| JSON representation |
|---|
{ "name": string, "enrichmentControlOption": { object ( |
| Fields | |
|---|---|
name |
Identifier. The resource name of the EnrichmentControl. Format: projects/{project}/locations/{location}/instances/{instance}/enrichmentControls/{enrichmentControl} |
enrichmentControlOption |
Required. The options to control the enrichment. |
state |
Output only. The EnrichmentControl resource instance state. Output only. |
displayName |
Optional. A human-readable name for this enrichment control. |
description |
Optional. A human-readable description for this enrichment control. |
EnrichmentControlOption
The options to control the enrichment.
| JSON representation |
|---|
{ // Union field |
| Fields | |
|---|---|
Union field option. The option to control the enrichment. option can be only one of the following: |
|
enrichmentDisablementTarget |
Disable enrichment for a particular telemetry log type. This means an individual log would no longer be enriched. |
EnrichmentDisablementTarget
Enrichment Target Option. This option will stop enriching events in a particular log type and event type.
| JSON representation |
|---|
{ "enrichmentType": enum ( |
| Fields | |
|---|---|
enrichmentType |
Required. The type of enrichment to disable. |
logType |
Required. Raw LogType. Apply to all log types if ALL_TYPE. If multiple controls are created for the same log type, all of the controls will be applied. If both logType and eventType are set in the same control, it will be applied to the specific event type in the specific log type. Format: projects/{project}/locations/{location}/instances/{instance}/logTypes/{logType} |
eventType |
Optional. The event type. Apply to all eventType if not set. If multiple controls are created for the same event type, all of the controls will be applied. If both logType and eventType are set, the control will be applied to the specific event type in the specific log type. |
EnrichmentType
The type of enrichment to disable.
| Enums | |
|---|---|
ENRICHMENT_TYPE_UNSPECIFIED |
Unspecified. |
ALL_TYPES |
ALL enrichment types. |
ASSET |
Asset enrichment. |
USER |
User enrichment. |
PROCESS |
Process enrichment. |
GOOGLE_THREAT_INTEL |
Google Threat Intel enrichment. |
GEOIP |
GeoIP enrichment. |
State
Holds the state of the EnrichmentControl resource.
| Enums | |
|---|---|
STATE_UNSPECIFIED |
State not set. |
CREATING |
The EnrichmentControl is being created and enforced. Newly created controls have this state. Enforcement of a control is not immediate and will take some time to be fully enforced. |
CREATED |
The EnrichmentControl has been created and fully enforced. |
DELETING |
The EnrichmentControl is being deleted. It will transition to this state when a user deletes the control. Deletion of the control is not immediate and will take some time to be fully enforced. |
DELETED |
The EnrichmentControl has been deleted. It will transition to this state when the deletion of the control is fully enforced. |
Methods |
|
|---|---|
|
Create an EnrichmentControl resource. |
|
Delete an EnrichmentControl. |
|
Get an EnrichmentControl. |
|
List all EnrichmentControls. |