Creates a new observable. For more information on observables, go to our documentation.
The unique identifier of the observable. This field value is automatically generated and shouldn't be provided when creating or updating an observable.
The observable value type is unknown. Only applicable when the observable type is TYPE_ID_UNKNOWN.
The observable value is a hostname. Only applicable when the observable type is TYPE_ID_HOSTNAME. The hostname represents a unique name assigned to a device connected to a computer network, as defined by RFC 1034.
The observable value is an IP address. Only applicable when the observable type is TYPE_ID_IP_ADDRESS. An IP address is an Internet Protocol address, in either IPv4 or IPv6 format.
The observable value is a MAC (media access control) address. Only applicable when the observable type is TYPE_ID_MAC_ADDRESS.
The observable value is a user name. Only applicable when the observable type is TYPE_ID_USER_NAME.
The observable value is an email. Only applicable when the observable type is TYPE_ID_EMAIL_ADDRESS. The email address is validated with RFC 5322.
The observable value is a URL (Uniform Resource Locator). Only applicable when the observable type is TYPE_ID_URL.
The observable value is a file name. Only applicable when the observable type is TYPE_ID_FILE_NAME.
The observable value is a file hash. Only applicable when the observable type is TYPE_ID_FILE_HASH.
The observable value is a process name. Only applicable when the observable type is TYPE_ID_PROCESS_NAME.
The observable value is a resource UID. Only applicable when the observable type is TYPE_ID_RESOURCE_UID. Examples: S3 bucket name or an EC2 instance ID.
The observable value type is Other. Only applicable when the observable type is TYPE_ID_OTHER.
- TYPE_ID_UNKNOWN: The observable type is unknown.
- TYPE_ID_HOSTNAME: The observable type is Hostname.
- TYPE_ID_IP_ADDRESS: The observable type is IP address.
- TYPE_ID_MAC_ADDRESS: The observable type is MAC address.
- TYPE_ID_USER_NAME: The observable type is User name.
- TYPE_ID_EMAIL_ADDRESS: The observable type is Email.
- TYPE_ID_URL: The observable type is URL.
- TYPE_ID_FILE_NAME: The observable type is File name.
- TYPE_ID_FILE_HASH: The observable type is File hash.
- TYPE_ID_PROCESS_NAME: The observable type is Process name.
- TYPE_ID_RESOURCE_UID: The observable type is Resource UID.
- TYPE_ID_OTHER: The observable type is Other.
- SCORE_UNKNOWN: The reputation score is unknown.
- SCORE_VERY_SAFE: The reputation score is Very safe.
- SCORE_SAFE: The reputation score is Safe.
- SCORE_PROBABLY_SAFE: The reputation score is Probably safe.
- SCORE_LEANS_SAFE: The reputation score is Leans safe.
- SCORE_MAY_NOT_BE_SAFE: The reputation score is May not be safe.
- SCORE_EXERCISE_CAUTION: The reputation score is Exercise caution.
- SCORE_SUSPICIOUS_OR_RISKY: The reputation score is Suspicious or risky.
- SCORE_POSSIBLY_MALICIOUS: The reputation score is Possibly malicious.
- SCORE_PROBABLY_MALICIOUS: The reputation score is Probably malicious.
- SCORE_MALICIOUS: The reputation score is Malicious.
- SCORE_OTHER: The reputation score is not mapped.
The observable description.
The sub type of the observable value.
- SUB_TYPE_ID_UNKNOWN: The observable sub type is unknown.
- SUB_TYPE_ID_HOSTNAME_FQDN: The observable type is Hostname and the sub type is FQDN.
- SUB_TYPE_ID_HOSTNAME_NETBIOS: The observable type is hostname and the sub type is NetBIOS.
- SUB_TYPE_ID_IP_ADDRESS_IPV4: The observable type is IP address and the sub type is IPv4.
- SUB_TYPE_ID_IP_ADDRESS_IPV6: The observable type is IP address and the sub type is IPv6.
- SUB_TYPE_ID_FILE_HASH_MD5: The observable type is File hash and the sub type is MD5.
- SUB_TYPE_ID_FILE_HASH_SHA1: The observable type is File hash and the sub type is SHA1.
- SUB_TYPE_ID_FILE_HASH_SHA256: The observable type is File hash and the sub type is SHA256.
- SUB_TYPE_ID_USERNAME_UPN: The observable type is User name and the sub type is UPN.
- SUB_TYPE_ID_USERNAME_DOMAIN: The observable type is User name and the sub type is Down-level Logon name.
- SUB_TYPE_ID_OTHER: The observable type is Other.
A successful response.
The unique identifier of the observable. This field value is automatically generated and shouldn't be provided when creating or updating an observable.
The observable value type is unknown. Only applicable when the observable type is TYPE_ID_UNKNOWN.
The observable value is a hostname. Only applicable when the observable type is TYPE_ID_HOSTNAME. The hostname represents a unique name assigned to a device connected to a computer network, as defined by RFC 1034.
The observable value is an IP address. Only applicable when the observable type is TYPE_ID_IP_ADDRESS. An IP address is an Internet Protocol address, in either IPv4 or IPv6 format.
The observable value is a MAC (media access control) address. Only applicable when the observable type is TYPE_ID_MAC_ADDRESS.
The observable value is a user name. Only applicable when the observable type is TYPE_ID_USER_NAME.
The observable value is an email. Only applicable when the observable type is TYPE_ID_EMAIL_ADDRESS. The email address is validated with RFC 5322.
The observable value is a URL (Uniform Resource Locator). Only applicable when the observable type is TYPE_ID_URL.
The observable value is a file name. Only applicable when the observable type is TYPE_ID_FILE_NAME.
The observable value is a file hash. Only applicable when the observable type is TYPE_ID_FILE_HASH.
The observable value is a process name. Only applicable when the observable type is TYPE_ID_PROCESS_NAME.
The observable value is a resource UID. Only applicable when the observable type is TYPE_ID_RESOURCE_UID. Examples: S3 bucket name or an EC2 instance ID.
The observable value type is Other. Only applicable when the observable type is TYPE_ID_OTHER.
- TYPE_ID_UNKNOWN: The observable type is unknown.
- TYPE_ID_HOSTNAME: The observable type is Hostname.
- TYPE_ID_IP_ADDRESS: The observable type is IP address.
- TYPE_ID_MAC_ADDRESS: The observable type is MAC address.
- TYPE_ID_USER_NAME: The observable type is User name.
- TYPE_ID_EMAIL_ADDRESS: The observable type is Email.
- TYPE_ID_URL: The observable type is URL.
- TYPE_ID_FILE_NAME: The observable type is File name.
- TYPE_ID_FILE_HASH: The observable type is File hash.
- TYPE_ID_PROCESS_NAME: The observable type is Process name.
- TYPE_ID_RESOURCE_UID: The observable type is Resource UID.
- TYPE_ID_OTHER: The observable type is Other.
The name of the observable type. The name is automatically derived from the type ID.
- SCORE_UNKNOWN: The reputation score is unknown.
- SCORE_VERY_SAFE: The reputation score is Very safe.
- SCORE_SAFE: The reputation score is Safe.
- SCORE_PROBABLY_SAFE: The reputation score is Probably safe.
- SCORE_LEANS_SAFE: The reputation score is Leans safe.
- SCORE_MAY_NOT_BE_SAFE: The reputation score is May not be safe.
- SCORE_EXERCISE_CAUTION: The reputation score is Exercise caution.
- SCORE_SUSPICIOUS_OR_RISKY: The reputation score is Suspicious or risky.
- SCORE_POSSIBLY_MALICIOUS: The reputation score is Possibly malicious.
- SCORE_PROBABLY_MALICIOUS: The reputation score is Probably malicious.
- SCORE_MALICIOUS: The reputation score is Malicious.
- SCORE_OTHER: The reputation score is not mapped.
The reputation name. The name is automatically derived from the reputation ID.
The time when the observable was first observed. This field value is automatically generated and shouldn't be provided when creating or updating an observable.
The time when the observable was last observed. This field value is automatically generated and shouldn't be provided when creating or updating an observable.
The observable description.
The sub type of the observable value.
- SUB_TYPE_ID_UNKNOWN: The observable sub type is unknown.
- SUB_TYPE_ID_HOSTNAME_FQDN: The observable type is Hostname and the sub type is FQDN.
- SUB_TYPE_ID_HOSTNAME_NETBIOS: The observable type is hostname and the sub type is NetBIOS.
- SUB_TYPE_ID_IP_ADDRESS_IPV4: The observable type is IP address and the sub type is IPv4.
- SUB_TYPE_ID_IP_ADDRESS_IPV6: The observable type is IP address and the sub type is IPv6.
- SUB_TYPE_ID_FILE_HASH_MD5: The observable type is File hash and the sub type is MD5.
- SUB_TYPE_ID_FILE_HASH_SHA1: The observable type is File hash and the sub type is SHA1.
- SUB_TYPE_ID_FILE_HASH_SHA256: The observable type is File hash and the sub type is SHA256.
- SUB_TYPE_ID_USERNAME_UPN: The observable type is User name and the sub type is UPN.
- SUB_TYPE_ID_USERNAME_DOMAIN: The observable type is User name and the sub type is Down-level Logon name.
- SUB_TYPE_ID_OTHER: The observable type is Other.
The name of the observable sub type. The name is automatically derived from the sub type ID.
Invalid bearer token. If you receive this message more than once try creating a new Client ID/Client Secret or generating a new bearer token.
You don't have permission to access this resource.
An unexpected error response.
Any contains an arbitrary serialized protocol buffer message along with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo))
Example 2: Pack and unpack a message in Java.
Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) // or ... if (any.isSameTypeAs(Foo.getDefaultInstance()))
Example 3: Pack and unpack a message in Python.
foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo any, err := anypb.New(foo) if err != nil ... foo := &pb.Foo if err := any.UnmarshalTo(foo); err != nil
The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
JSON
The JSON representation of an Any value uses the regular
representation of the deserialized, embedded message, with an
additional field @type which contains the type URL. Example:
package google.profile; message Person
{
"@type": "type.googleapis.com/google.profile.Person",
"firstName":
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
value which holds the custom JSON in addition to the @type
field. Example (for message [google.protobuf.Duration][]):
{ "@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s" }
A URL/resource name that uniquely identifies the type of the serialized
protocol buffer message. This string must contain at least
one "/" character. The last segment of the URL's path must represent
the fully qualified name of the type (as in
path/google.protobuf.Duration). The name should be in a canonical form
(e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that they
expect it to use in the context of Any. However, for URLs which use the
scheme http, https, or no scheme, one can optionally set up a type
server that maps type URLs to message definitions as follows:
- If no scheme is provided,
httpsis assumed. - An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error.
- Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.)
Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one.
Schemes other than http, https (or the empty scheme) might be
used with implementation specific semantics.