REST Resource: projects.configurations

Resource: Configuration

A configuration represents a behavior an engine should follow when producing new findings.

JSON representation
{
  "name": string,
  "displayName": string,
  "audit": {
    object (Audit)
  },
  "provider": string,
  "state": enum (State),
  "detail": {
    object (ConfigurationDetail)
  },
  "version": string,
  "description": string
}
Fields
name

string

Identifier. Server-generated name for the configuration. Format: projects/{project}/configurations/{configuration}

displayName

string

Output only. Human-readable name for the configuration.

audit

object (Audit)

Output only. Audit information for the configuration.

provider

string

Required. Name of the service that provides the configuration.

state

enum (State)

Optional. State of the configuration.

detail

object (ConfigurationDetail)

Required. Domain specific details for the configuration.

version

string

Optional. A user-manipulatable version. Does not adhere to a specific format.

description

string

Optional. A description of the configuration.

State

State of the configuration.

Enums
STATE_UNSPECIFIED Configuration state is unspecified. This is not expected to occur.
ENABLED Configuration is enabled for the customer.
DISABLED Configuration is disabled for the customer.
DEPRECATED Configuration is deprecated; no new configs are allowed to be created.

ConfigurationDetail

Wrapper class that contains the union struct for all the various configuration detail specific classes.

JSON representation
{
  "detailType": string,

  // Union field detail can be only one of the following:
  "initialAccessBroker": {
    object (InitialAccessBrokerConfig)
  },
  "customerProfile": {
    object (CustomerProfileConfig)
  },
  "technologyWatchlist": {
    object (TechnologyWatchListConfig)
  }
  // End of list of possible types for union field detail.
}
Fields
detailType

string

Output only. Name of the detail type. Will be set by the server during creation to the name of the field that is set in the detail union.

Union field detail. Domain specific details object. detail can be only one of the following:
initialAccessBroker

object (InitialAccessBrokerConfig)

Initial Access Broker (IAB) detail config.

customerProfile

object (CustomerProfileConfig)

Customer Profile detail config.

technologyWatchlist

object (TechnologyWatchListConfig)

Technology Watchlist detail config.

InitialAccessBrokerConfig

InitialAccessBrokerConfig is specific to Initial Access Broker (IAB) matching scenarios.

JSON representation
{
  "entityProfile": {
    object (EntityProfile)
  }
}
Fields
entityProfile

object (EntityProfile)

Represents the comprehensive profile of the customer entity used for matching.

EntityProfile

EntityProfile represents the structured profile of a customer entity, containing key identifiers and descriptive attributes optimized for contextual matching against threat intelligence, particularly Initial Access Broker (IAB) offerings.

JSON representation
{
  "name": string,
  "profileSummary": string,
  "domains": [
    string
  ],
  "industries": [
    string
  ],
  "subIndustries": [
    string
  ],
  "regions": [
    string
  ],
  "countries": [
    string
  ],
  "operationalAreas": [
    string
  ]
}
Fields
name

string

Required. Canonical name of the entity (e.g., the legal company name). Purpose: Primary identifier for the customer.

profileSummary

string

Required. A concise, machine-generated (e.g., LLM) or human-curated summary of the entity. Purpose: Captures the semantic essence for embedding generation and similarity matching. Should synthesize key aspects like core business, scale, and market. Example: "Acme Corporation is a large, US-based multinational conglomerate operating..."

domains[]

string

Required. List of primary internet domain names associated with the entity. Purpose: Crucial for explicit matching against domains mentioned in threat intel and can inform semantic matching. Must contain at least one domain. Example: ["acme.com", "acme.co.uk"]

industries[]

string

Optional. List of primary industry sectors the entity operates within. Purpose: Crucial for matching industry-specific threats and understanding attacker motivation. Use standardized GTI Industry Classification values. Example: ["Technology", "Financial Services", "Healthcare"]

subIndustries[]

string

Optional. List of more granular sub-industries, if applicable and known. Purpose: Provides finer-grained context for more specific threat matching. Should align with GTI classifications if possible. Example: ["Semiconductors", "Cloud Computing Services", "Investment Banking"]

regions[]

string

Optional. List of primary geopolitical regions where the entity has significant operations. Purpose: Filters geographically relevant threats. Use standardized names or codes where possible (e.g., "North America", "EMEA", "APAC", UN M49 codes).

countries[]

string

Optional. List of specific countries of operation. Purpose: Essential for matching geographically targeted threats (e.g., actor specifies victims in 'DE'). Use ISO 3166-1 alpha-2 codes (e.g., "US", "GB", "JP", "DE").

operationalAreas[]

string

Optional. Specific geographic areas of significant operational concentration or strategic importance below the country level, if clearly identifiable and relevant. Purpose: Useful for highly localized threats, less commonly populated than countries. Example: ["Silicon Valley", "Frankfurt am Main Metropolitan Region"]

CustomerProfileConfig

CustomerProfileConfig is the configuration for the customer profile.

JSON representation
{
  "org": string,
  "orgSummary": string,
  "industries": [
    {
      object (CustomerProfileIndustry)
    }
  ],
  "parentCompanies": [
    {
      object (CustomerProfileCompany)
    }
  ],
  "products": [
    {
      object (CustomerProfileProduct)
    }
  ],
  "locations": [
    {
      object (CustomerProfileLocation)
    }
  ],
  "executives": [
    {
      object (CustomerProfilePerson)
    }
  ],
  "webPresences": [
    {
      object (CustomerProfileWebPresence)
    }
  ],
  "technologyPresence": string,
  "securityConsiderations": {
    object (CustomerProfileSecurityConsiderations)
  },
  "contactInfo": [
    {
      object (CustomerProfileContactInfo)
    }
  ],
  "citations": [
    {
      object (CustomerProfileCitation)
    }
  ],
  "summary": {
    object (CustomerProfileSummary)
  }
}
Fields
org

string

Required. The name of the organization.

orgSummary

string

Optional. A summary of the organization.

industries[]

object (CustomerProfileIndustry)

Optional. The industries the organization is involved in.

parentCompanies[]

object (CustomerProfileCompany)

Optional. The parent companies of the organization.

products[]

object (CustomerProfileProduct)

Optional. Product information for the organization.

locations[]

object (CustomerProfileLocation)

Optional. Locations the organization is present or conducts business in.

executives[]

object (CustomerProfilePerson)

Optional. Executives of the organization.

webPresences[]

object (CustomerProfileWebPresence)

Optional. Web presence of the organization.

technologyPresence

string

Optional. Technology presence of the organization.

securityConsiderations

object (CustomerProfileSecurityConsiderations)

Optional. Security considerations for the organization.

contactInfo[]

object (CustomerProfileContactInfo)

Optional. Contact information for the organization.

citations[]

object (CustomerProfileCitation)

Optional. Citations for the organization profile.

summary

object (CustomerProfileSummary)

Optional. A summarized version of the customer profile.

CustomerProfileIndustry

Industry information for the customer profile.

JSON representation
{
  "industry": string,
  "citationIds": [
    string
  ]
}
Fields
industry

string

Required. The name of the industry.

citationIds[]

string

Optional. The citation ids for the industry.

CustomerProfileCompany

Company information for the customer profile.

JSON representation
{
  "company": string,
  "citationIds": [
    string
  ]
}
Fields
company

string

Required. The name of the company.

citationIds[]

string

Optional. The citation ids for the company.

CustomerProfileProduct

Product information for the customer profile.

JSON representation
{
  "product": string,
  "brand": string,
  "citationIds": [
    string
  ]
}
Fields
product

string

Required. The name of the product.

brand

string

Required. The brand of the product.

citationIds[]

string

Optional. The citation ids for the product.

CustomerProfileLocation

Location information for the customer profile.

JSON representation
{
  "facilityType": string,
  "brand": string,
  "address": string,
  "citationIds": [
    string
  ]
}
Fields
facilityType

string

Optional. The type of location.

brand

string

Required. The brand of the location.

address

string

Required. The address of the location.

citationIds[]

string

Optional. The citation ids for the location.

CustomerProfilePerson

Person information for the customer profile.

JSON representation
{
  "name": string,
  "title": string,
  "citationIds": [
    string
  ]
}
Fields
name

string

Required. The name of the person.

title

string

Optional. The title of the person.

citationIds[]

string

Optional. The citation ids for the person.

CustomerProfileWebPresence

Web presence information for the customer profile.

JSON representation
{
  "domain": string,
  "citationIds": [
    string
  ]
}
Fields
domain

string

Required. The domain name of the web presence.

citationIds[]

string

Optional. The citation ids for the web presence.

CustomerProfileSecurityConsiderations

Security considerations for the customer profile.

JSON representation
{
  "note": string,
  "considerations": [
    string
  ]
}
Fields
note

string

Optional. A note about the security considerations.

considerations[]

string

Optional. A series of considerations for the security of the organization, such as "high risk of compromise" or "vulnerable to cyberbullying".

CustomerProfileContactInfo

Contact information for the customer profile.

JSON representation
{
  "label": string,
  "citationIds": [
    string
  ],

  // Union field contact_info can be only one of the following:
  "email": string,
  "phone": string,
  "address": string,
  "other": string
  // End of list of possible types for union field contact_info.
}
Fields
label

string

Optional. The name of the contact.

citationIds[]

string

Optional. The citation ids for the contact information.

Union field contact_info. The contact information for the customer profile. contact_info can be only one of the following:
email

string

The email address of the contact.

phone

string

The phone number of the contact.

address

string

The address of the contact.

other

string

Other contact information.

CustomerProfileCitation

Citation information for the customer profile.

JSON representation
{
  "citationId": string,
  "uri": string,
  "retrievalTime": string,
  "source": string,
  "document": string
}
Fields
citationId

string

Required. The citation id for the citation. Should be unique within the profile.

uri

string

Optional. The URL of the citation.

retrievalTime

string (Timestamp format)

The time the citation was retrieved.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

source

string

Required. The source of the citation.

document

string

Required. The name of the document the citation is from.

CustomerProfileSummary

A summarized version of the customer profile. Generated by the backend.

JSON representation
{
  "title": {
    object (CustomerProfileCitedString)
  },
  "entityType": {
    object (CustomerProfileCitedString)
  },
  "industry": {
    object (CustomerProfileCitedString)
  },
  "founded": {
    object (CustomerProfileCitedString)
  },
  "headquarters": {
    object (CustomerProfileCitedString)
  },
  "areaServed": {
    object (CustomerProfileCitedString)
  },
  "keyPeopleSummary": {
    object (CustomerProfileCitedString)
  },
  "productsSummary": {
    object (CustomerProfileCitedString)
  },
  "servicesSummary": {
    object (CustomerProfileCitedString)
  },
  "brands": {
    object (CustomerProfileCitedString)
  },
  "parentCompany": {
    object (CustomerProfileCitedString)
  },
  "primaryWebsite": {
    object (CustomerProfileCitedString)
  }
}
Fields
title

object (CustomerProfileCitedString)

Optional. The official name of the customer.

entityType

object (CustomerProfileCitedString)

Optional. The entity type of the customer.

industry

object (CustomerProfileCitedString)

Optional. The industry the customer is in.

founded

object (CustomerProfileCitedString)

Optional. The date the customer was founded.

headquarters

object (CustomerProfileCitedString)

Optional. The headquarters of the customer.

areaServed

object (CustomerProfileCitedString)

Optional. The area the customer serves.

keyPeopleSummary

object (CustomerProfileCitedString)

Optional. A narrative summary of key people.

productsSummary

object (CustomerProfileCitedString)

Optional. A narrative summary of products.

servicesSummary

object (CustomerProfileCitedString)

Optional. A narrative summary of services.

brands

object (CustomerProfileCitedString)

Optional. A narrative summary of brands.

parentCompany

object (CustomerProfileCitedString)

Optional. The parent company of the customer.

primaryWebsite

object (CustomerProfileCitedString)

Optional. The primary website of the customer.

CustomerProfileCitedString

A string with citation ids.

JSON representation
{
  "value": string,
  "citationIds": [
    string
  ]
}
Fields
value

string

Required. The value of the string.

citationIds[]

string

Optional. The citation ids for the string.
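
A client-side lint for the citation model described above, as an added example (not code from the API or its client libraries). It checks that each citationId is unique within the profile, that the fields marked Required on CustomerProfileCitation are present, and that retrievalTime is RFC 3339 shaped. Treating an unresolved citationIds[] entry as a problem is an assumption, not a rule this page states; the function names and sample profile are constructed.

```python
import re

# Syntactic RFC 3339 check only: up to 9 fractional digits, "Z" or a numeric offset.
RFC3339 = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,9})?(Z|[+-]\d{2}:\d{2})")

def iter_citation_refs(node, path="customerProfile"):
    """Yield (json_path, citation_id) for every citationIds[] entry under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "citationIds" and isinstance(value, list):
                for cid in value:
                    yield f"{path}.citationIds", cid
            elif key != "citations":  # the citation table itself holds no references
                yield from iter_citation_refs(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_citation_refs(item, f"{path}[{i}]")

def lint_citations(profile):
    """Return a list of citation problems in a CustomerProfileConfig dict."""
    problems, seen = [], set()
    for i, cit in enumerate(profile.get("citations", [])):
        for field in ("citationId", "source", "document"):  # Required on the page
            if not cit.get(field):
                problems.append(f"citations[{i}]: missing required {field}")
        cid = cit.get("citationId")
        if cid in seen:
            problems.append(f"citations[{i}]: duplicate citationId {cid!r}")
        elif cid:
            seen.add(cid)
        ts = cit.get("retrievalTime")
        if ts is not None and not (isinstance(ts, str) and RFC3339.fullmatch(ts)):
            problems.append(f"citations[{i}]: retrievalTime {ts!r} is not RFC 3339")
    for path, cid in iter_citation_refs(profile):
        if cid not in seen:
            problems.append(f"{path}: unknown citationId {cid!r}")
    return problems

# Constructed sample (not real data): duplicate id, bad timestamp, two undefined refs.
SAMPLE_PROFILE = {
    "org": "Acme Corporation",
    "industries": [{"industry": "Technology", "citationIds": ["c1"]}],
    "executives": [{"name": "Jane Doe", "citationIds": ["c3"]}],
    "summary": {"title": {"value": "Acme Corporation", "citationIds": ["c1", "c2"]}},
    "citations": [
        {"citationId": "c1", "source": "web", "document": "About", "retrievalTime": "2014-10-02T15:01:23Z"},
        {"citationId": "c1", "source": "web", "document": "Press", "retrievalTime": "2014-10-02 15:01"},
    ],
}
```
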

TechnologyWatchListConfig

TechnologyWatchListConfig is the configuration for the technology watchlist.

JSON representation
{
  "technologies": [
    string
  ],
  "alertThreshold": {
    object (TechnologyWatchListAlertThreshold)
  }
}
Fields
technologies[]

string

Optional. List of vendor, technology or CPE fingerprints. Examples: "Microsoft office 360", "Apache Server 3.5", "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*"

alertThreshold

object (TechnologyWatchListAlertThreshold)

Optional. Alert thresholds to effectively reduce noise.

TechnologyWatchListAlertThreshold

TechnologyWatchListAlertThreshold contains the thresholds for alerting.

JSON representation
{
  "priorityMinimum": enum (Priority),
  "cvssScoreMinimum": number,
  "epssScoreMinimum": number,
  "exploitationStates": [
    enum (ExploitationState)
  ]
}
Fields
priorityMinimum

enum (Priority)

Optional. The minimum priority for the alert.

cvssScoreMinimum

number

Optional. The minimum CVSS v3 score for the alert. Ex: 7.0. Valid range is [0.0, 10.0].

epssScoreMinimum

number

Optional. The minimum EPSS score for the alert. Ex: 0.8. Valid range is [0.0, 1.0].

exploitationStates[]

enum (ExploitationState)

Optional. The exploitation states of the alert.

Priority

Represents the priority levels, with P0 being the highest priority.

Enums
PRIORITY_UNSPECIFIED Unspecified priority.
P0 Priority level 0.
P1 Priority level 1.
P2 Priority level 2.
P3 Priority level 3.
P4 Priority level 4.

Methods

get

Get a configuration by name.

list

Get a list of configurations that meet the filter criteria.

upsert

Creates or updates a configuration.
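
A client-side pre-flight check for a Configuration payload before it is sent to upsert, built only from constraints this page states: the detail union holds exactly one member, EntityProfile has required fields and at least one domain, and the alertThreshold values stay within their documented ranges. It is an added example, not the API's own validation or client-library code; the function names, the "example-provider" value and the sample payloads are constructed.

```python
import re

DETAIL_KINDS = ("initialAccessBroker", "customerProfile", "technologyWatchlist")
PRIORITIES = {"PRIORITY_UNSPECIFIED", "P0", "P1", "P2", "P3", "P4"}
ALPHA2 = re.compile(r"[A-Z]{2}")  # shape check only, not an ISO 3166-1 lookup

def in_range(value, low, high):
    # bool is an int subclass in Python, so reject it explicitly
    return isinstance(value, (int, float)) and not isinstance(value, bool) and low <= value <= high

def validate_configuration(cfg):
    """Return a list of violations for a Configuration dict (empty if none found)."""
    errors = []
    if not cfg.get("provider"):
        errors.append("provider is required")
    detail = cfg.get("detail") or {}
    kinds = [k for k in DETAIL_KINDS if k in detail]
    if len(kinds) != 1:
        errors.append(f"detail must set exactly one of {DETAIL_KINDS}, got {kinds}")
        return errors
    body = detail[kinds[0]] or {}
    if kinds[0] == "initialAccessBroker":
        profile = body.get("entityProfile") or {}
        for field in ("name", "profileSummary"):
            if not profile.get(field):
                errors.append(f"entityProfile.{field} is required")
        if not profile.get("domains"):
            errors.append("entityProfile.domains must contain at least one domain")
        for c in profile.get("countries", []):
            if not (isinstance(c, str) and ALPHA2.fullmatch(c)):
                errors.append(f"entityProfile.countries: {c!r} is not an alpha-2 code")
    elif kinds[0] == "technologyWatchlist":  # customerProfile contents are not checked here
        th = body.get("alertThreshold") or {}
        if "cvssScoreMinimum" in th and not in_range(th["cvssScoreMinimum"], 0.0, 10.0):
            errors.append("cvssScoreMinimum must be within [0.0, 10.0]")
        if "epssScoreMinimum" in th and not in_range(th["epssScoreMinimum"], 0.0, 1.0):
            errors.append("epssScoreMinimum must be within [0.0, 1.0]")
        if "priorityMinimum" in th and th["priorityMinimum"] not in PRIORITIES:
            errors.append("priorityMinimum is not a Priority enum value")
    return errors

# Constructed sample payloads (not real data).
BAD_WATCHLIST = {"provider": "example-provider", "detail": {"technologyWatchlist": {
    "technologies": ["cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*"],
    "alertThreshold": {"priorityMinimum": "P1", "cvssScoreMinimum": 70, "epssScoreMinimum": 0.8}}}}
BAD_IAB = {"provider": "example-provider", "detail": {"initialAccessBroker": {"entityProfile": {
    "name": "Acme Corporation", "profileSummary": "Constructed summary.",
    "domains": [], "countries": ["US", "Germany"]}}}}
```
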