Resource: IocAssociation
Associations represents different metadata about malware and threat actors involved with an IoC. NEXT TAG: 16
| JSON representation |
|---|
{ "name": string, "id": string, "countryCode": [ string ], "regionCode": { object ( |
| Fields | |
|---|---|
name |
Output only. Identifier. The resource name of this IocAssociation. Format: projects/{project}/locations/{location}/instances/{instance}/ iocAssociations/{iocAssociation} |
id |
Output only. Association identifier. This can be used to request details of the IocAssociation from the Google Threat Intelligence API (https://gtidocs.virustotal.com/reference/get-threat) |
countryCode[] |
Output only. Deprecated. Use regionCode instead. Country from which the threat actor originated. |
regionCode |
Output only. Name of the country the threat is originating from. |
type |
Output only. Signifies the type of association. |
threatDisplayName |
Output only. Name of the threat actor/malware. |
description |
Output only. Human readable description about the association. |
alias[] |
Output only. Different aliases of the threat actor given by different sources. |
firstReferenceTime |
Output only. First time the threat actor was referenced or seen. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
lastReferenceTime |
Output only. Last time the threat actor was referenced or seen. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
industriesAffected[] |
Output only. List of industries the threat actor affects. |
associatedActors[] |
Output only. List of associated threat actors for a malware. Not applicable for threat actors. |
roles[] |
Output only. List of roles associated with the malware. Not applicable for threat actors. |
operatingSystems[] |
Output only. List of operating systems that associated with the malware. Not applicable for threat actors. |
iocs[] |
Output only. The resource names of the Iocs that are related to this IocAssociation. Format: projects/{project}/locations/{location}/instances/{instance}/iocs/{ioc} |
AssociationLocation
Information about a location.
| JSON representation |
|---|
{
"city": string,
"state": string,
"countryOrRegion": string,
"location": string,
"desk": string,
"floor": string,
"regionCoordinates": {
object ( |
| Fields | |
|---|---|
city |
Output only. The city. |
state |
The state. |
countryOrRegion |
The country or region. |
location |
Custom location name (e.g. building or site name like "London Office"). For cloud environments, this is the region (e.g. "us-west2"). |
desk |
Desk name or individual location, typically for an employee in an office. (e.g. "IN-BLR-BCPC-11-1121D"). |
floor |
Floor name, number or a combination of the two for a building. (e.g. "1-A"). |
regionCoordinates |
Coordinates for the associated region. |
AssociationType
Represents different possible Association types. Can be threat or malware. Used to represent Mandiant threat intelligence.
| Enums | |
|---|---|
ASSOCIATION_TYPE_UNSPECIFIED |
The default Association Type. |
THREAT_ACTOR |
Association type Threat actor. |
MALWARE |
Association type Malware. |
IocAssociationAlias
Association Alias Used to represent Mandiant Threat intel.
| JSON representation |
|---|
{ "associationName": string, "provider": string } |
| Fields | |
|---|---|
associationName |
Output only. Name of the alias. |
provider |
Output only. Name of the provider who gave the association's name. |
Methods |
|
|---|---|
|
Gets a batch (list) of IocAssociations given a list of names and a parent. |
|
List related Ioc Associations for a given Ioc Association. |
|
List related threat collections for an IocAssociation. |
|
Get an Ioc Association by resource name. |