Create and manage threat prevention security profiles

This page explains how to create and manage security profiles of the type threat-prevention by using the Google Cloud console or the Google Cloud CLI.

Before you begin

Roles

To get the permissions that you need to create, view, update, or delete security profiles, ask your administrator to grant you the necessary IAM roles on your organization. For more information about granting roles, see Manage access.

Create a threat prevention security profile

Create a security profile of type threat-prevention and specify the name of the security profile as a string or as a unique URL identifier.

Organization-level security profiles

To create an organization-level threat prevention security profile, use the Google Cloud console or the gcloud CLI.

To construct the unique URL for a security profile, use the following format:

organizations/ORGANIZATION_ID/locations/global/securityProfiles/SECURITY_PROFILE_NAME

If you use a unique URL identifier for the security profile name, the organization and location of the security profile are already included in the URL identifier. However, if you use only the security profile name, you must specify the organization and location separately. For more information about unique URL identifiers, see security profile specifications.

Console

  1. In the Google Cloud console, go to the Security profiles page.

    Go to Security profiles

  2. In the project selector menu, select your organization where you want to create the security profile.

  3. Select the Security profiles tab.

  4. Click Create profile.

  5. Enter a name in the Name field.

  6. Optional: Enter a description in the Description field.

  7. To create a Cloud Next Generation Firewall Enterprise security profile, in the Purpose section, select Cloud NGFW Enterprise.

  8. To create a threat prevention security profile, in the Type section, select Threat prevention.

  9. Click Continue.

Optionally, add severity and threat overrides:

  1. Under Severity overrides, click Edit next to the severity level that you want to override.
  2. In the Override action list, select the appropriate action for the severity level.
  3. To add a threat signature override, click Add signature by ID.
  4. In the Signature ID field, enter the threat ID that you want to override. You can view the threat IDs on the threat dashboard.
  5. In the Override action list, select the appropriate action for the threat ID.
  6. Click Create.

gcloud

To create a threat prevention security profile, use the gcloud network-security security-profiles threat-prevention create command:

gcloud network-security security-profiles threat-prevention create NAME \
    --location LOCATION \
    --organization ORGANIZATION_ID \
    --billing-project QUOTA_PROJECT_ID \
    --description DESCRIPTION

Replace the following:

  • NAME: the name of the threat prevention security profile; you can specify the name as a string or as a unique URL identifier.

    If you use a unique URL identifier for the NAME variable, you can omit the --organization and --location flags.

  • LOCATION: the location of the threat prevention security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • ORGANIZATION_ID: the organization where the threat prevention security profile is created. If you use a unique URL identifier for the NAME variable, you can omit the --organization flag.

  • QUOTA_PROJECT_ID: an optional project ID to use for quotas and access restrictions on the threat prevention security profile.

  • DESCRIPTION: an optional description for the threat prevention security profile.

Project-level security profiles

To create a project-level threat prevention security profile, use the gcloud CLI.

The unique URL for a security profile can be constructed in the following format:

projects/PROJECT_ID/locations/global/securityProfiles/SECURITY_PROFILE_NAME

If you use a unique URL identifier for the security profile name, the project and location of the security profile are already included in the URL identifier. However, if you use only the security profile name, you must specify the project and location separately. For more information about unique URL identifiers, see security profile specifications.

gcloud

To create a threat prevention security profile, use the gcloud beta network-security security-profiles threat-prevention create command:

gcloud beta network-security security-profiles threat-prevention create NAME \
    --location LOCATION \
    --project PROJECT_ID \
    --description DESCRIPTION

Replace the following:

  • NAME: the name of the threat prevention security profile; you can specify the name as a string or as a unique URL identifier.

    If you use a unique URL identifier for the NAME variable, you can omit the --project and --location flags.

  • LOCATION: the location of the threat prevention security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • PROJECT_ID: the project where the threat prevention security profile is created. If you use a unique URL identifier for the NAME variable, you can omit the --project flag.

  • DESCRIPTION: an optional description for the threat prevention security profile.

View a threat prevention security profile

You can view the details of a specific threat prevention security profile in an organization or a project.

Organization-level security profiles

To view an organization-level threat prevention security profile, use the Google Cloud console or the gcloud CLI.

Console

  1. In the Google Cloud console, go to the Security profiles page.

    Go to Security profiles

  2. Select the Security profiles tab. The tab shows a list of configured security profiles.

  3. Click a security profile of type Threat prevention to view the profile details.

gcloud

To view the details of a threat prevention security profile, use the gcloud beta network-security security-profiles describe command:

  gcloud beta network-security security-profiles describe NAME \
      --location LOCATION \
      --organization ORGANIZATION_ID

Replace the following:

  • NAME: the name of the security profile of type threat-prevention that you want to describe; you can specify the name as a string or as a unique URL identifier.

    If you use a unique URL identifier for the NAME variable, you can omit the --organization and --location flags.

  • LOCATION: the location of the threat prevention security profile. Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • ORGANIZATION_ID: the organization where the threat prevention security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --organization flag.

Project-level security profiles

To view a project-level threat prevention security profile, use the gcloud CLI.

gcloud

To view the details of a threat prevention security profile, use the gcloud beta network-security security-profiles describe command:

  gcloud beta network-security security-profiles describe NAME \
      --location LOCATION \
      --project PROJECT_ID

Replace the following:

  • NAME: the name of the security profile of type threat-prevention that you want to describe; you can specify the name as a string or as a unique URL identifier.

    If you use a unique URL identifier for the NAME variable, you can omit the --location and --project flags.

  • LOCATION: the location of the threat prevention security profile. Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • PROJECT_ID: the project where the threat prevention security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --project flag.

List threat prevention security profiles

You can list all the threat prevention security profiles in an organization or a project.

Organization-level security profiles

To list all organization-level threat prevention security profiles, use the Google Cloud console or the gcloud CLI.

Console

  1. In the Google Cloud console, go to the Security profiles page.

    Go to Security profiles

  2. Select the Security profiles tab. The tab shows a list of configured security profiles.

gcloud

To list all the threat prevention security profiles, use the gcloud network-security security-profiles threat-prevention list command:

gcloud network-security security-profiles threat-prevention list \
    --location LOCATION \
    --billing-project QUOTA_PROJECT_ID \
    --organization ORGANIZATION_ID

Replace the following:

  • LOCATION: the location of the threat prevention security profiles. Location is always set to global.

  • ORGANIZATION_ID: the organization where the threat prevention security profiles exist.

  • QUOTA_PROJECT_ID: an optional project ID to use for quotas and access restrictions on the threat prevention security profile.

Project-level security profiles

To list all project-level threat prevention security profiles, use the gcloud CLI.

gcloud

To list all the threat prevention security profiles, use the gcloud beta network-security security-profiles threat-prevention list command:

gcloud beta network-security security-profiles threat-prevention list \
    --location LOCATION \
    --project PROJECT_ID

Replace the following:

  • LOCATION: the location of the threat prevention security profiles. Location is always set to global.

  • PROJECT_ID: the project where the threat prevention security profile exists.

Delete a threat prevention security profile

You can delete a threat prevention security profile by specifying its name, location, and organization or project. However, if a security profile is referenced by a security profile group, that security profile cannot be deleted.

Organization-level security profiles

To delete an organization-level threat prevention security profile, use the Google Cloud console or the gcloud CLI.

Console

  1. In the Google Cloud console, go to the Security profiles page.

    Go to Security profiles

  2. Select the Security profiles tab. The tab shows a list of configured security profiles.

  3. Select the threat prevention security profile that you want to delete, and then click Delete.

  4. Click Delete again to confirm.

gcloud

To delete a threat prevention security profile, use the gcloud network-security security-profiles threat-prevention delete command:

gcloud network-security security-profiles threat-prevention delete NAME \
    --location LOCATION \
    --billing-project QUOTA_PROJECT_ID \
    --organization ORGANIZATION_ID

Replace the following:

  • NAME: the name of the threat prevention security profile that you want to delete; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the threat prevention security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • QUOTA_PROJECT_ID: an optional project ID to use for quotas and access restrictions on the threat prevention security profile.

  • ORGANIZATION_ID: the organization where the threat prevention security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --organization flag.

Project-level security profiles

To delete a project-level threat prevention security profile, use the gcloud CLI.

gcloud

To delete a threat prevention security profile, use the gcloud beta network-security security-profiles threat-prevention delete command:

gcloud beta network-security security-profiles threat-prevention delete NAME \
    --location LOCATION \
    --project PROJECT_ID

Replace the following:

  • NAME: the name of the threat prevention security profile that you want to delete; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the threat prevention security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • PROJECT_ID: the project where the threat prevention security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --project flag.

Import a threat prevention security profile

You can import a threat prevention security profile (either custom-created or previously exported) from a YAML file. When importing a threat prevention security profile, if a profile with the same name already exists, Cloud NGFW updates the existing profile.

Organization-level security profiles

To import an organization-level threat prevention security profile, use the gcloud CLI.

gcloud

To import a threat prevention security profile from a YAML file, use the gcloud beta network-security security-profiles import command:

gcloud beta network-security security-profiles import NAME \
    --location LOCATION \
    --organization ORGANIZATION_ID \
    --source FILE_NAME

Replace the following:

  • NAME: the name of the security profile of type threat-prevention that you want to import; you can specify the name as a string or as a unique URL identifier.

    If you use a unique URL identifier for the NAME variable, you can omit the --organization and --location flags.

  • LOCATION: the location of the threat prevention security profile. Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • ORGANIZATION_ID: the organization where the threat prevention security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --organization flag.

  • FILE_NAME: the path to the YAML file containing the configuration export data for the threat prevention security profile. For example, threat-prevention-sp.yaml.

    The YAML file must not contain any output-only fields. Alternatively, you can omit the source flag to read from the standard input.

Project-level security profiles

To import a project-level threat prevention security profile, use the gcloud CLI.

gcloud

To import a threat prevention security profile from a YAML file, use the gcloud beta network-security security-profiles import command:

gcloud beta network-security security-profiles import NAME \
    --location LOCATION \
    --project PROJECT_ID \
    --source FILE_NAME

Replace the following:

  • NAME: the name of the security profile of type threat-prevention that you want to import; you can specify the name as a string or as a unique URL identifier.

    If you use a unique URL identifier for the NAME variable, you can omit the --project and --location flags.

  • LOCATION: the location of the threat prevention security profile. Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • PROJECT_ID: the project where the threat prevention security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --project flag.

  • FILE_NAME: the path to the YAML file containing the configuration export data for the threat prevention security profile. For example, threat-prevention-sp.yaml.

    The YAML file must not contain any output-only fields. Alternatively, you can omit the source flag to read from the standard input.

Export a threat prevention security profile

You can export a threat prevention security profile to a YAML file. For example, instead of using the user interface to modify a large security profile, you can use this functionality to export the security profile, modify it quickly, and import it back.

Organization-level security profiles

To export an organization-level threat prevention security profile, use the gcloud CLI.

gcloud

To export a threat prevention security profile to a YAML file, use the gcloud beta network-security security-profiles export command:

gcloud beta network-security security-profiles export NAME \
    --location LOCATION \
    --organization ORGANIZATION_ID \
    --billing-project BILLING_PROJECT_ID \
    --destination FILE_NAME

Replace the following:

  • NAME: the name of the security profile of type threat-prevention that you want to export; you can specify the name as a string or as a unique URL identifier.

    If you use a unique URL identifier for the NAME variable, you can omit the --organization and --location flags.

  • LOCATION: the location of the threat prevention security profile. Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • ORGANIZATION_ID: the organization where the threat prevention security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --organization flag.

  • BILLING_PROJECT_ID: an optional project ID to use for quotas and access restrictions on the threat prevention security profile.

  • FILE_NAME: the path to the YAML file into which Cloud NGFW will export the configuration for the threat prevention security profile. For example, threat-prevention-sp.yaml.

    The exported configuration data doesn't contain any output-only fields. Alternatively, you can omit the destination flag to write to the standard output.

Project-level security profiles

To export a project-level threat prevention security profile, use the gcloud CLI.

gcloud

To export a threat prevention security profile to a YAML file, use the gcloud beta network-security security-profiles export command:

gcloud beta network-security security-profiles export NAME \
    --location LOCATION \
    --project PROJECT_ID \
    --destination FILE_NAME

Replace the following:

  • NAME: the name of the security profile of type threat-prevention that you want to export; you can specify the name as a string or as a unique URL identifier.

    If you use a unique URL identifier for the NAME variable, you can omit the --project and --location flags.

  • LOCATION: the location of the threat prevention security profile. Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • PROJECT_ID: the project where the threat prevention security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --project flag.

  • FILE_NAME: the path to the YAML file into which Cloud NGFW will export the configuration for the threat prevention security profile. For example, threat-prevention-sp.yaml.

    The exported configuration data doesn't contain any output-only fields. Alternatively, you can omit the destination flag to write to the standard output.
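The import sections require a YAML file without output-only fields, and an import overwrites an existing profile of the same name. The following pre-import lint is an added example, not part of the original page or of gcloud. The helper names are hypothetical, the sample file is constructed, and the script assumes that createTime, updateTime and etag are the top-level output-only fields, which is what a file copied from describe output rather than export would carry.

```shell
#!/bin/sh
# Added example: lint an edited profile file before running
# `gcloud beta network-security security-profiles import`.
# ASSUMPTION: these are the top-level output-only fields of the resource.
OUTPUT_ONLY_KEYS="createTime updateTime etag"

# output_only_present FILE: print each assumed output-only key that appears
# as a top-level (column 0) key in block-style YAML.
output_only_present() {
  for key in $OUTPUT_ONLY_KEYS; do
    if grep -q "^$key:" "$1"; then echo "$key"; fi
  done
}

# strip_output_only FILE: write FILE to stdout without those scalar keys.
# The output can be piped to the import command, which reads standard input
# when the source flag is omitted.
strip_output_only() {
  pattern=$(printf '%s' "$OUTPUT_ONLY_KEYS" | tr ' ' '|')
  grep -Ev "^($pattern):" "$1"
}

# check_profile_file FILE: succeed only if FILE has no output-only keys and
# declares the threat prevention type.
check_profile_file() {
  found=$(output_only_present "$1")
  if [ -n "$found" ]; then
    echo "output-only fields present: $(echo $found)" >&2
    return 1
  fi
  grep -q '^type: *THREAT_PREVENTION *$' "$1" || {
    echo "type is not THREAT_PREVENTION" >&2
    return 1
  }
}

# write_sample_profile FILE: constructed sample, shaped like describe output.
write_sample_profile() {
  cat > "$1" <<'EOF'
createTime: '2024-01-01T00:00:00Z'
description: constructed sample, not real export output
name: organizations/123456789012/locations/global/securityProfiles/sp-example
threatPreventionProfile:
  severityOverrides:
  - action: DENY
    severity: CRITICAL
type: THREAT_PREVENTION
updateTime: '2024-01-02T00:00:00Z'
EOF
}

# Demo: the raw sample is rejected, so print the cleaned version instead.
sample=$(mktemp)
write_sample_profile "$sample"
check_profile_file "$sample" || strip_output_only "$sample"
rm -f "$sample"
```

Only top-level scalar keys are checked; nested fields and flow-style YAML are outside what this lint covers.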

Add override actions in a threat prevention security profile

You can override the actions associated with specific threat signatures or severity levels in an existing threat prevention security profile.

Organization-level security profiles

To add an override to an organization-level threat prevention security profile, use the Google Cloud console or the gcloud CLI.

Console

  1. In the Google Cloud console, go to the Security profiles page.

    Go to Security profiles

  2. Select the Security profiles tab. The tab shows a list of configured security profiles.

  3. Select the security profile where you want to override actions, and then click Edit.

  4. Under Severity overrides, click Edit next to the severity level that you want to override.

  5. In the Override action list, select the appropriate action for the severity level.

  6. Click Confirm.

  7. Click Save.

gcloud

To add an override to a threat prevention security profile, use the gcloud network-security security-profiles threat-prevention add-override command:

gcloud network-security security-profiles threat-prevention add-override NAME \
    --location LOCATION \
    --billing-project QUOTA_PROJECT_ID \
    --organization ORGANIZATION_ID \
    [--severities SEVERITIES | --threat-ids THREAT_IDS | --antivirus PROTOCOLS] \
    --action ACTION

Replace the following:

  • NAME: the name of the security profile; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • QUOTA_PROJECT_ID: an optional project ID to use for quotas and access restrictions on the threat prevention security profile.

  • ORGANIZATION_ID: the organization where the security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --organization flag.

  • SEVERITIES: a comma-separated list of severity levels to override the action for. The firewall endpoint applies the configured --action flag to all threats of the specified severity levels. The severity can be any of the following:

    • INFORMATIONAL
    • LOW
    • MEDIUM
    • HIGH
    • CRITICAL
  • THREAT_IDS: a comma-separated list of threat signature IDs to override the action for. The firewall endpoint applies the configured --action flag to all threats of the specified threat IDs.

  • PROTOCOLS: a comma-separated list of network protocols to monitor for the antivirus threat. For more information, see supported protocols.

  • ACTION: the action for the specified threat IDs or severities. For more information, see supported actions.

Project-level security profiles

To add an override to a project-level threat prevention security profile, use the gcloud CLI.

gcloud

To add an override to a threat prevention security profile, use the gcloud beta network-security security-profiles threat-prevention add-override command:

gcloud beta network-security security-profiles threat-prevention add-override NAME \
  --location LOCATION \
  --project PROJECT_ID \
  [--severities SEVERITIES | --threat-ids THREAT_IDS | --antivirus PROTOCOLS] \
  --action ACTION

Replace the following:

  • NAME: the name of the security profile; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • PROJECT_ID: the project where the security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --project flag.

  • SEVERITIES: a comma-separated list of severity levels to override the action for. The firewall endpoint applies the configured --action flag to all threats of the specified severity levels. The severity can be any of the following:

    • INFORMATIONAL
    • LOW
    • MEDIUM
    • HIGH
    • CRITICAL
  • THREAT_IDS: a comma-separated list of threat signature IDs to override the action for. The firewall endpoint applies the configured --action flag to all threats of the specified threat IDs.

  • PROTOCOLS: a comma-separated list of network protocols to monitor for the antivirus threat. For more information, see supported protocols.

  • ACTION: the action for the specified threat IDs or severities. For more information, see supported actions.

List override actions in a threat prevention security profile

You can list all the override actions in a threat prevention security profile.

Organization-level security profiles

To list all override actions in an organization-level threat prevention security profile, use the Google Cloud console or the gcloud CLI.

Console

  1. In the Google Cloud console, go to the Security profiles page.

    Go to Security profiles

  2. Select the Security profiles tab. The tab shows a list of configured security profiles.

  3. Select the security profile to view the configured severity override actions and threat signature override actions.

gcloud

To list all override actions in a threat prevention security profile, use the gcloud network-security security-profiles threat-prevention list-overrides command:

gcloud network-security security-profiles threat-prevention list-overrides NAME \
  --location LOCATION \
  --organization ORGANIZATION_ID

Replace the following:

  • NAME: the name of the security profile; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • ORGANIZATION_ID: the organization where the security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --organization flag.

Project-level security profiles

To list all override actions in a project-level threat prevention security profile, use the gcloud CLI.

gcloud

To list all override actions in a threat prevention security profile, use the gcloud beta network-security security-profiles threat-prevention list-overrides command:

gcloud beta network-security security-profiles threat-prevention list-overrides NAME \
  --location LOCATION \
  --project PROJECT_ID

Replace the following:

  • NAME: the name of the security profile; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • PROJECT_ID: the project where the security profile is created. If you use a unique URL identifier for the NAME variable, you can omit the --project flag.

Update override actions in a threat prevention security profile

You can update existing override actions for severity levels or threat signatures in a threat prevention security profile.

Organization-level security profiles

To update an override action in an organization-level threat prevention security profile, use the Google Cloud console or the gcloud CLI.

Console

  1. In the Google Cloud console, go to the Security profiles page.

    Go to Security profiles

  2. Select the Security profiles tab. The tab shows a list of configured security profiles.

  3. Select the security profile, and then click Edit.

  4. Under Severity overrides, click Edit next to the severity level where you want to update the override action.

  5. In the Override action list, select the appropriate action for the severity level.

  6. Click Confirm.

  7. Click Save.

gcloud

To update an override action in a threat prevention security profile, use the gcloud network-security security-profiles threat-prevention update-override command:

gcloud network-security security-profiles threat-prevention update-override NAME \
    --location LOCATION \
    --billing-project QUOTA_PROJECT_ID \
    --organization ORGANIZATION_ID \
    [--severities SEVERITIES | --threat-ids THREAT_IDS | --antivirus PROTOCOLS] \
    --action ACTION

Replace the following:

  • NAME: the name of the security profile; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • QUOTA_PROJECT_ID: an optional project ID to use for quotas and access restrictions on the threat prevention security profile.

  • ORGANIZATION_ID: the organization where the security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --organization flag.

  • SEVERITIES: a comma-separated list of severity levels you want to update overrides for. The severity can be any of the following:

    • INFORMATIONAL
    • LOW
    • MEDIUM
    • HIGH
    • CRITICAL
  • THREAT_IDS: a comma-separated list of threat signature IDs you want to update overrides for.

  • PROTOCOLS: a comma-separated list of network protocols to monitor for the antivirus threat. The following protocols are supported:

    • SMTP
    • SMB
    • POP3
    • IMAP
    • HTTP2
    • HTTP
    • FTP
  • ACTION: the default action for the specified threat IDs or severities. The action can be one of the following:

    • DEFAULT
    • ALLOW
    • DENY
    • ALERT

Project-level security profiles

To update an override action in a project-level threat prevention security profile, use the gcloud CLI.

gcloud

To update an override action in a threat prevention security profile, use the gcloud beta network-security security-profiles threat-prevention update-override command:

gcloud beta network-security security-profiles threat-prevention update-override NAME \
    --location LOCATION \
    --project PROJECT_ID \
    [--severities SEVERITIES | --threat-ids THREAT_IDS | --antivirus PROTOCOLS] \
    --action ACTION

Replace the following:

  • NAME: the name of the security profile; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • PROJECT_ID: the project where the security profile is created. If you use a unique URL identifier for the NAME variable, you can omit the --project flag.

  • SEVERITIES: a comma-separated list of severity levels you want to update overrides for. The severity can be any of the following:

    • INFORMATIONAL
    • LOW
    • MEDIUM
    • HIGH
    • CRITICAL
  • THREAT_IDS: a comma-separated list of threat signature IDs you want to update overrides for.

  • PROTOCOLS: a comma-separated list of network protocols to monitor for the antivirus threat. The following protocols are supported:

    • SMTP
    • SMB
    • POP3
    • IMAP
    • HTTP2
    • HTTP
    • FTP
  • ACTION: the default action for the specified threat IDs or severities. The action can be one of the following:

    • DEFAULT
    • ALLOW
    • DENY
    • ALERT

Delete override actions from a threat prevention security profile

You can delete existing override actions for severity levels or threat signatures from a threat prevention security profile.

Organization-level security profiles

To delete an override action from an organization-level threat prevention security profile, use the Google Cloud console or the gcloud CLI.

Console

  1. In the Google Cloud console, go to the Security profiles page.

    Go to Security profiles

  2. Select the Security profiles tab. The tab shows a list of configured security profiles.

  3. Select the security profile, and then click Edit.

  4. Under Severity overrides, click Edit next to the severity level where you want to delete the override action.

  5. In the Override action list, select No override.

  6. Click Confirm.

  7. Under Signature overrides, select the threat ID that you want to delete.

  8. Click Delete.

  9. Click Save.

gcloud

To delete an override action from a threat prevention security profile, use the gcloud network-security security-profiles threat-prevention delete-override command:

gcloud network-security security-profiles threat-prevention delete-override NAME \
    --location LOCATION \
    --organization ORGANIZATION_ID \
    --billing-project QUOTA_PROJECT_ID \
    [--severities SEVERITIES | --threat-ids THREAT_IDS | --antivirus PROTOCOLS]

Replace the following:

  • NAME: the name of the security profile; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • ORGANIZATION_ID: the organization where the security profile exists. If you use a unique URL identifier for the NAME variable, you can omit the --organization flag.

  • QUOTA_PROJECT_ID: an optional project ID to use for quotas and access restrictions on the threat prevention security profile.

  • SEVERITIES: a comma-separated list of severity levels you want to delete overrides for. The severity can be any of the following:

    • INFORMATIONAL
    • LOW
    • MEDIUM
    • HIGH
    • CRITICAL
  • THREAT_IDS: a comma-separated list of threat signature IDs you want to delete overrides for.

  • PROTOCOLS: a comma-separated list of network protocols to monitor for the antivirus threat. The following protocols are supported:

    • SMTP
    • SMB
    • POP3
    • IMAP
    • HTTP2
    • HTTP
    • FTP

Project-level security profiles

To delete an override action from a project-level threat prevention security profile, use the gcloud CLI.

gcloud

To delete an override action from a threat prevention security profile, use the gcloud beta network-security security-profiles threat-prevention delete-override command:

gcloud beta network-security security-profiles threat-prevention delete-override NAME \
    --location LOCATION \
    --project PROJECT_ID \
    [--severities SEVERITIES | --threat-ids THREAT_IDS | --antivirus PROTOCOLS]

Replace the following:

  • NAME: the name of the security profile; you can specify the name as a string or as a unique URL identifier.

  • LOCATION: the location of the security profile.

    Location is always set to global. If you use a unique URL identifier for the NAME variable, you can omit the --location flag.

  • PROJECT_ID: the project where the security profile is created. If you use a unique URL identifier for the NAME variable, you can omit the --project flag.

  • SEVERITIES: a comma-separated list of severity levels you want to delete overrides for. The severity can be any of the following:

    • INFORMATIONAL
    • LOW
    • MEDIUM
    • HIGH
    • CRITICAL
  • THREAT_IDS: a comma-separated list of threat signature IDs you want to delete overrides for.

  • PROTOCOLS: a comma-separated list of network protocols to monitor for the antivirus threat. The following protocols are supported:

    • SMTP
    • SMB
    • POP3
    • IMAP
    • HTTP2
    • HTTP
    • FTP
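The add-override, update-override and delete-override commands above take exactly one selector and draw their values from the lists on this page. The following pre-flight check is an added example, not part of the original page or of gcloud: it validates a requested change and prints the matching command, using gcloud for organization-level profiles and gcloud beta for project-level ones. The helper names, the sample IDs, the character set accepted in IDs and names, and the needs_review policy (flagging ALLOW on HIGH or CRITICAL) are assumptions.

```shell
#!/bin/sh
# Added example (helper names are hypothetical): validate an override change
# against the value lists on this page and print the matching gcloud command.
SEVERITIES="INFORMATIONAL LOW MEDIUM HIGH CRITICAL"
PROTOCOLS="SMTP SMB POP3 IMAP HTTP2 HTTP FTP"
ACTIONS="DEFAULT ALLOW DENY ALERT"

# in_list WORD "A B C": succeed if WORD is exactly one of the listed items.
in_list() {
  case "$1" in ''|*[!A-Z0-9]*) return 1 ;; esac
  case " $2 " in *" $1 "*) return 0 ;; esac
  return 1
}

# profile_scope URL: print "organization" or "project" for a well-formed
# unique URL identifier; fail otherwise (location must be global).
# ASSUMPTION: IDs and profile names use only letters, digits, "_" and "-".
profile_scope() {
  printf '%s\n' "$1" | grep -Eqx \
    '(organizations|projects)/[A-Za-z0-9_-]+/locations/global/securityProfiles/[A-Za-z0-9_-]+' \
    || return 1
  case "$1" in
    organizations/*) echo organization ;;
    *) echo project ;;
  esac
}

# needs_review KIND VALUES ACTION: succeed when the change sets ALLOW for
# HIGH or CRITICAL severities. ASSUMPTION: a local review policy.
needs_review() {
  [ "$1" = severities ] && [ "$3" = ALLOW ] || return 1
  case ",$2," in *,HIGH,*|*,CRITICAL,*) return 0 ;; esac
  return 1
}

# build_override_cmd VERB URL KIND VALUES [ACTION]
# Runs in a subshell so the IFS and globbing changes stay local.
build_override_cmd() (
  verb=$1 url=$2 kind=$3 values=$4 action=${5:-}
  fail() { echo "error: $1" >&2; exit 2; }

  scope=$(profile_scope "$url") || fail "bad profile URL: $url"
  case "$verb" in
    add-override|update-override)
      in_list "$action" "$ACTIONS" || fail "bad action: $action" ;;
    delete-override)
      [ -z "$action" ] || fail "delete-override takes no --action" ;;
    *) fail "unknown command: $verb" ;;
  esac
  # Taking a single KIND enforces the one-selector-per-command rule.
  case "$kind" in
    severities) allowed=$SEVERITIES ;;
    antivirus)  allowed=$PROTOCOLS ;;
    threat-ids) allowed= ;;
    *) fail "selector must be severities, threat-ids or antivirus" ;;
  esac
  case "$values" in ''|,*|*,|*,,*) fail "malformed list: $values" ;; esac

  set -f; IFS=,
  for v in $values; do
    if [ -n "$allowed" ]; then
      in_list "$v" "$allowed" || fail "bad $kind value: $v"
    else
      # The page does not define the threat ID format; accept plain tokens.
      case "$v" in *[!A-Za-z0-9_-]*) fail "bad threat ID: $v" ;; esac
    fi
  done

  # A unique URL identifier already carries the location and the
  # organization or project, so those flags are omitted.
  if [ "$scope" = organization ]; then gcloud="gcloud"; else gcloud="gcloud beta"; fi
  cmd="$gcloud network-security security-profiles threat-prevention $verb $url --$kind $values"
  [ -z "$action" ] || cmd="$cmd --action $action"
  echo "$cmd"
)

# Demo with a constructed organization ID and profile name.
build_override_cmd add-override \
  organizations/123456789012/locations/global/securityProfiles/sp-example \
  severities HIGH,CRITICAL DENY
```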

What's next