List detections

{
  "$ref": "incident_managementv1ListDetectionsResponse",
  "detections": [
    {
      "$ref": "incident_managementv1Detection",
      "description": "Descriptor of one particular detection occurrence. Detections occurs in some [DetectionContext] and is followed by [DetectionResponse]s. [Detection] can be resolved what means it no longer pose security risk.",
      "category": {
        "$ref": "incident_managementv1DetectionCategory",
        "type": "string",
        "description": "Category of detection. Deprecated. DETECTION_CATEGORY_UNSPECIFIED: fallback DETECTION_CATEGORY_CORRELATION_RULE: When hit of EDR rule is detected. https://help.eset.com/ei_rules/latest/en-US/ - DETECTION_CATEGORY_FIREWALL_RULE: When hit of firewall rule is detected. - DETECTION_CATEGORY_ANTIVIRUS: For ThreatSense detections. - DETECTION_CATEGORY_HIPS: When host intrusion is detected. - DETECTION_CATEGORY_NETWORK_INTRUSION: When network intrusion is detected. - DETECTION_CATEGORY_HIPS_RULE: When hit of HIPS rule is detected. - DETECTION_CATEGORY_WEB_ACCESS: When access to web is detected. - DETECTION_CATEGORY_VULNERABILITY: When application vulnerability is detected. - DETECTION_CATEGORY_APPLICATION_PATCH: When application patch is detected. - DETECTION_CATEGORY_SUSPICIOUS_ACTIVITY: When suspicious activity is detected.",
        "default": "DETECTION_CATEGORY_UNSPECIFIED",
        "enum": [
          "DETECTION_CATEGORY_UNSPECIFIED",
          "DETECTION_CATEGORY_CORRELATION_RULE",
          "DETECTION_CATEGORY_FIREWALL_RULE",
          "DETECTION_CATEGORY_ANTIVIRUS",
          "DETECTION_CATEGORY_HIPS",
          "DETECTION_CATEGORY_NETWORK_INTRUSION",
          "DETECTION_CATEGORY_HIPS_RULE",
          "DETECTION_CATEGORY_WEB_ACCESS",
          "DETECTION_CATEGORY_VULNERABILITY",
          "DETECTION_CATEGORY_APPLICATION_PATCH",
          "DETECTION_CATEGORY_SUSPICIOUS_ACTIVITY"
        ]
      },
      "context": {
        "$ref": "v1DetectionContext",
        "description": "Context of a [detection].",
        "circumstances": {
          "type": "string",
          "description": "Human-friendly description of [detection]'s circumstances."
        },
        "deviceUuid": {
          "type": "string",
          "description": "Reference to a [device] with detection. Device details must be fetched from device management. Info: This field leads to former - Computer Name - Computer Description - Computer Tags - Group Name - IP Address type: device_management.v1.Device"
        },
        "process": {
          "$ref": "incident_managementv1Process",
          "description": "Process descriptor.",
          "path": {
            "type": "string",
            "description": "Disk path to the executable."
          }
        },
        "userName": {
          "type": "string",
          "description": "User name in whose context detection occurred. It is an arbitrary string, for example on windows: https://docs.microsoft.com/en-us/windows/win32/secauthn/user-name-formats"
        }
      },
      "displayName": {
        "type": "string",
        "description": "Human-friendly name of the detection. This value can be used to look up details at https://www.threatminer.org/. Examples: 'Win32/Kingsoft.B' 'Rule_name_100663' '(Blocked by )PUA blacklist'"
      },
      "networkCommunication": {
        "$ref": "v1NetworkCommunication",
        "description": "Descriptor of network communication.",
        "direction": {
          "$ref": "v1NetworkCommunicationDirection",
          "type": "string",
          "description": "Direction of network communication. NETWORK_COMMUNICATION_DIRECTION_UNSPECIFIED: fallback NETWORK_COMMUNICATION_DIRECTION_INBOUND: The direction from remote host towards local host (the device where detection occurred). NETWORK_COMMUNICATION_DIRECTION_OUTBOUND: The direction from local host (the device where detection occurred) towards remote host.",
          "default": "NETWORK_COMMUNICATION_DIRECTION_UNSPECIFIED",
          "enum": [
            "NETWORK_COMMUNICATION_DIRECTION_UNSPECIFIED",
            "NETWORK_COMMUNICATION_DIRECTION_INBOUND",
            "NETWORK_COMMUNICATION_DIRECTION_OUTBOUND"
          ]
        },
        "localIpAddress": {
          "type": "string",
          "description": "IPv4 or IPv6 address of the device (i.e. the device where detection occurred). From device's point of view, the local side is always the device's side. The remote side is not on the device. That is irrespective of communication direction."
        },
        "localPort": {
          "type": "integer",
          "description": "TCP or UDP port on the device (i.e. the device where detection occurred). From device's point of view, the local side is always the device's side. The remote side is not on the device. That is irrespective of communication direction.",
          "format": "int64"
        },
        "protocolName": {
          "type": "string",
          "description": "Human readable name of the protocol used to communicate between local and remote hosts."
        },
        "remoteIpAddress": {
          "type": "string",
          "description": "IPv4 or IPv6 address of the remote host (i.e. not the device where detection occurred). From device's point of view, the local side is always the device's side. The remote side is not on the device. That is irrespective of communication direction."
        },
        "remotePort": {
          "type": "integer",
          "description": "TCP or UDP port on the remote host (i.e. not the device where detection occurred). From device's point of view, the local side is always the device's side. The remote side is not on the device. That is irrespective of communication direction.",
          "format": "int64"
        }
      },
      "objectHashSha1": {
        "type": "string",
        "description": "SHA1 hash of content of scanned object."
      },
      "objectName": {
        "type": "string",
        "description": "Name/path of scanned object. Examples: 'http://roxlock.com' 'eicar.com'"
      },
      "objectTypeName": {
        "title": "Human-friendly type name of scanned object",
        "type": "string",
        "description": "Examples: 'File' 'Memory'"
      },
      "objectUrl": {
        "type": "string",
        "description": "URL (uniform resource locator) of scanned object."
      },
      "occurTime": {
        "type": "string",
        "description": "Timestamp of detection occurrence. Info: Named by using google naming convention: https://cloud.google.com/apis/design/naming_convention#time_and_duration",
        "format": "date-time"
      },
      "responses": [
        {
          "$ref": "incident_managementv1DetectionResponse",
          "description": {
            "type": "string",
            "description": "Human-readable description of the response."
          },
          "deviceRestartRequired": {
            "type": "boolean",
            "description": "Response needs restart of the device to be completed."
          },
          "displayName": {
            "type": "string",
            "description": "Human-friendly name of the response."
          },
          "protectionName": {
            "type": "string",
            "description": "Human-readable name of the protection that performed the response."
          }
        }
      ],
      "severityLevel": {
        "$ref": "dotnodincident_managementv1SeverityLevel",
        "type": "string",
        "description": "Severity levels abstracted to cover all the possible GUIs. Vocabulary is leaving interpretation of severity level completely to API client. info: This approach is inevitable on the SIEM level as many contributing sources exist. Keeping the local names for severity levels never fits all the GUIs. SEVERITY_LEVEL_UNSPECIFIED: fallback SEVERITY_LEVEL_DIAGNOSTIC: In some GUIs known Debug SEVERITY_LEVEL_INFORMATIONAL: In some GUIs known as Info or Information SEVERITY_LEVEL_LOW: In some GUIs known Warning SEVERITY_LEVEL_MEDIUM: In some GUIs known as Error or Threat SEVERITY_LEVEL_HIGH: In some GUIs known as Critical",
        "default": "SEVERITY_LEVEL_UNSPECIFIED",
        "enum": [
          "SEVERITY_LEVEL_UNSPECIFIED",
          "SEVERITY_LEVEL_DIAGNOSTIC",
          "SEVERITY_LEVEL_INFORMATIONAL",
          "SEVERITY_LEVEL_LOW",
          "SEVERITY_LEVEL_MEDIUM",
          "SEVERITY_LEVEL_HIGH"
        ]
      },
      "typeName": {
        "type": "string",
        "description": "Human-friendly type of detection. Examples: 'Potentially unwanted application' 'Trojan' 'Test file' 'TCP Port scanning attack' Deprecated in favor of enumerated type."
      },
      "uuid": {
        "type": "string",
        "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
      }
    }
  ],
  "nextPageToken": {
    "type": "string",
    "description": "Page token of next page. Empty or '' for the last page. Info: For more information, refer to Paginating Requests in APIs or https://cloud.google.com/apis/design/design_patterns#list_pagination"
  },
  "totalSize": {
    "type": "integer",
    "description": "The total count of items in the list irrespective of pagination. Info: One of the standard fields Page_size might differ for every call (it is an input parameter) so the calculation of how many pages there is in total is caller's responsibility.",
    "format": "int64"
  }
}

[]

[]

[]

[]

[]

[]

[]

[]

[]

[]