ESET Online Help

Search
Select the category
Select the topic

GET List quarantined objects

Relative path: /v1/quarantined-objects

List all the quarantine object matching criteria in the filter.

Query parameters

Name

Type

Description

filter.cloudOfficeTenantUuid

string

Reference to [cloud office tenant].

If filled, only objects of referred tenant are returned. If empty or null, objects of any tenant are returned.

type: cloud_office_protection.v1.CloudOfficeTenant

filter.emailInternetMessageId

string

If filled, only messages with this Message-ID would be returned.

If empty or "", messages with any Message-ID would be returned.

filter.emailRecipient

string

If given, only emails with given email address in recipients would be returned.

If empty or "", emails for all the recipients would be included in the response.

0..100 characters

filter.emailSender

string

If given, only emails from given email address would be returned.

If empty or "", all the senders would be included in the response.

0..100 characters

filter.emailSubject

string

If given, only emails subject containing this string would be returned.

If empty or "", emails with any subject would be included in the response.

0..100 characters

filter.fileName

string

If given, only quarantined files with path terminated with this string would be returned.

If empty or "", files of all the names would be returned.

filter.msSharepointRootSiteUuid

string

Reference to [Microsoft Sharepoint root site].

If filled, only objects belonging to given site or its child-sites are returned. If empty or "", objects of all the sites are returned.

type: eset.dotnod.quarantine_management.v1-alpha.MicrosoftSharepointSite

filter.msTeamsTeamUuid

string

Reference to [Microsoft Teams team].

type: eset.dotnod.quarantine_management.v1-alpha.MicrosoftTeamsTeam

filter.objectOrigin

string

Origin of the quarantined object.

If filled, only objects with given origin are returned. Objects with any origin are returned otherwise.

  • OBJECT_ORIGIN_UNSPECIFIED: fallback
  • OBJECT_ORIGIN_MS_OFFICE365: Object originates in Microsoft Office 365.
  • OBJECT_ORIGIN_GOOGLE_WORKSPACE: Object originates in Google Workspace.
  • OBJECT_ORIGIN_DEVICE: Object originates from a device.

filter.objectType

string

Type of quarantined object to be returned in the response.

If 0 or empty, all the types would be returned.

  • QUARANTINED_OBJECT_TYPE_UNSPECIFIED: fallback
  • QUARANTINED_OBJECT_TYPE_EMAIL_MESSAGE: Object is email message.
  • QUARANTINED_OBJECT_TYPE_EMAIL_ATTACHMENT: Object is email attachment.
  • QUARANTINED_OBJECT_TYPE_FILE_ON_DRIVE: Object is a file on drive.

filter.quarantineReason

string

If given, only objects quarantined for this reason would be returned.

If 0 or empty, all the reasons would be returned.

  • QUARANTINE_REASON_UNSPECIFIED: fallback
  • QUARANTINE_REASON_MALWARE: Object was identified as malware or as containing malware.
  • QUARANTINE_REASON_GRAYWARE: The object was identified as grayware, or as containing grayware. Grayware refers to potentially unwanted programs or files that, while not explicitly malicious, can negatively impact system performance or user experience.
  • QUARANTINE_REASON_PHISHING: Object (mostly email) was identified as phishing.
  • QUARANTINE_REASON_SPAM: Object (mostly email) was identified as unsolicited or spam .

filter.quarantineTime.startTime

string

Optional. Inclusive start of the interval.

If specified, a Timestamp matching this interval will have to be the same or after the start.

filter.quarantineTime.endTime

string

Optional. Exclusive end of the interval.

If specified, a Timestamp matching this interval will have to be before the end.

filter.userUuid

string

This is a reference to the user associated with the quarantined object through ownership of its storage.

If filled for a file, only the files on a cloud drive owned by the given user are included in the response.

If filled for a mail, only the files in a mailbox owned by the given user are included in the response.

If null or empty, quarantined objects associated with any user and accessible to the caller will be included in the response.

type: user_management.v1.User

pageSize

integer

Limit for pagination purposes.

If unspecified or 0, default value is 50. The maximum value is 1000; values above 1000 will be coerced to 1000.

Info: For more information, refer to Paginating Requests in APIs

or https://cloud.google.com/apis/design/design_patterns#list_pagination

pageToken

string

Page token of current page.

If not given or "", the first page is returned.

Info: For more information, refer to Paginating Requests in APIs

or https://cloud.google.com/apis/design/design_patterns#list_pagination

orderBy

string

Comma separated list fields (from the request resource).

Allowed formats are: - snake_case version of the field name as used by protocol buffers. - JSON version of the field name

Syntax is described at: https://cloud.google.com/apis/design/design_patterns#sorting_order



Responses

Display Schema instead of an Example or vice-versa

Code

Description

Example

Schema

200

A successful response.

{
  "objects": [
    {
      "cloudOfficeTenantUuid": "string",
      "cloudSandboxingStatus": "OBJECT_SCAN_STATUS_UNSPECIFIED",
      "displayName": "string",
      "email": {
        "attachments": [
          {
            "containedFiles": [
              null
            ],
            "hashSha1": "string",
            "hashSha2256": "string",
            "isReadOnly": true,
            "lastEditor": {
              "email": "string",
              "userUuid": "string",
              "userName": "string"
            },
            "origin": "OBJECT_ORIGIN_UNSPECIFIED",
            "path": "string",
            "reference": "string",
            "sizeBytes": "string",
            "storages": [
              {
                "displayName": "string",
                "msSharepointRootSiteUuid": "string",
                "archiveReference": "string",
                "cloudDriveUserUuid": "string",
                "emailReference": "string",
                "msSharepointSiteUuid": "string",
                "msTeamsTeamUuid": "string"
              }
            ]
          }
        ],
        "bodyParts": [
          {
            "containedFiles": [
              null
            ],
            "hashSha1": "string",
            "hashSha2256": "string",
            "isReadOnly": true,
            "lastEditor": {
              "email": "string",
              "userUuid": "string",
              "userName": "string"
            },
            "origin": "OBJECT_ORIGIN_UNSPECIFIED",
            "path": "string",
            "reference": "string",
            "sizeBytes": "string",
            "storages": [
              {
                "displayName": "string",
                "msSharepointRootSiteUuid": "string",
                "archiveReference": "string",
                "cloudDriveUserUuid": "string",
                "emailReference": "string",
                "msSharepointSiteUuid": "string",
                "msTeamsTeamUuid": "string"
              }
            ]
          }
        ],
        "cc": "string",
        "containedUrls": [
          "string"
        ],
        "from": "string",
        "headers": [
          "string"
        ],
        "internetMessageId": "string",
        "isReadOnly": true,
        "mailboxUserUuid": "string",
        "origin": "OBJECT_ORIGIN_UNSPECIFIED",
        "reference": "string",
        "senderIpAddress": "string",
        "subject": "string",
        "to": "string"
      },
      "file": {
        "containedFiles": [
          null
        ],
        "hashSha1": "string",
        "hashSha2256": "string",
        "isReadOnly": true,
        "lastEditor": {
          "email": "string",
          "userUuid": "string",
          "userName": "string"
        },
        "origin": "OBJECT_ORIGIN_UNSPECIFIED",
        "path": "string",
        "reference": "string",
        "sizeBytes": "string",
        "storages": [
          {
            "displayName": "string",
            "msSharepointRootSiteUuid": "string",
            "archiveReference": "string",
            "cloudDriveUserUuid": "string",
            "emailReference": "string",
            "msSharepointSiteUuid": "string",
            "msTeamsTeamUuid": "string"
          }
        ]
      },
      "graywareScanStatus": "OBJECT_SCAN_STATUS_UNSPECIFIED",
      "isExcludable": true,
      "isRestorable": true,
      "malwareScanStatus": "OBJECT_SCAN_STATUS_UNSPECIFIED",
      "objectOrigin": "OBJECT_ORIGIN_UNSPECIFIED",
      "phishingScanStatus": "OBJECT_SCAN_STATUS_UNSPECIFIED",
      "quarantineReason": "QUARANTINE_REASON_UNSPECIFIED",
      "quarantineTime": "string",
      "scanResults": [
        {
          "@type": "string"
        }
      ],
      "sizeBytes": "string",
      "spamScanStatus": "OBJECT_SCAN_STATUS_UNSPECIFIED",
      "type": "QUARANTINED_OBJECT_TYPE_UNSPECIFIED",
      "uuid": "string"
    }
  ],
  "nextPageToken": "string"
}
{
  "$ref": "v1ListQuarantinedObjectsResponse",
  "objects": [
    {
      "$ref": "v1QuarantinedObject",
      "description": "Descriptor of quarantined object.",
      "cloudOfficeTenantUuid": {
        "type": "string",
        "description": "Reference to [cloud office tenant]. type: cloud_office_protection.v1.CloudOfficeTenant"
      },
      "cloudSandboxingStatus": {
        "$ref": "v1ObjectScanStatus",
        "type": "string",
        "description": "Defines possible statuses of object scan. OBJECT_SCAN_STATUS_UNSPECIFIED: fallback OBJECT_SCAN_STATUS_NOT_SCANNED: Object was not scanned for various reasons. some objects are not suitable for certain scans (e.g. file is not suitable for spam scan) scan was not performed due to an failure an object was excluded from the classification explicitly by exclusions. OBJECT_SCAN_STATUS_POSITIVE_RESULT: Object was scanned with positive result. This means: - the spam was detected in an email scan. - phishing was detected in a phishing scan. - malware was detected in a malware scan. and so on. - OBJECT_SCAN_STATUS_NEGATIVE_RESULT: Object was scanned with negative result, what means the object is clean.",
        "default": "OBJECT_SCAN_STATUS_UNSPECIFIED",
        "enum": [
          "OBJECT_SCAN_STATUS_UNSPECIFIED",
          "OBJECT_SCAN_STATUS_NOT_SCANNED",
          "OBJECT_SCAN_STATUS_POSITIVE_RESULT",
          "OBJECT_SCAN_STATUS_NEGATIVE_RESULT"
        ]
      },
      "displayName": {
        "type": "string",
        "description": "Human readable name of the quarantined object."
      },
      "email": {
        "$ref": "v1Email",
        "attachments": [
          {
            "$ref": "v1File",
            "description": "Describes file. File can be contained within other structures, such as email (attachment), archive or Miscrosoft Sharepoint Site. Those structures form parents of the file.",
            "containedFiles": [
              {
                "$ref": "v1File"
              }
            ],
            "hashSha1": {
              "type": "string",
              "description": "SHA-1 (Secure Hash Algorithm 1) digest of file's content."
            },
            "hashSha2256": {
              "type": "string",
              "description": "SHA-2 256 (Secure Hash Algorithm 2) 256 digest of file's content."
            },
            "isReadOnly": {
              "type": "boolean",
              "description": "True if the scanned object was read-only and cannot be modified/cleaned/deleted."
            },
            "lastEditor": {
              "$ref": "v1ObjectEditor",
              "description": "Details of user who edited an object.",
              "email": {
                "type": "string",
                "description": "Email of the user."
              },
              "userUuid": {
                "type": "string",
                "description": "Reference to [user]. type: _draft.User"
              },
              "userName": {
                "type": "string",
                "description": "Name of the user (e.g. login)."
              }
            },
            "origin": {
              "$ref": "v1ObjectOrigin",
              "type": "string",
              "description": "Object origin denotes a system managing object's life-cycle. This is necessary to be known for actions that manipulate with object, such as delete, quarantine, move and so on. OBJECT_ORIGIN_UNSPECIFIED: fallback OBJECT_ORIGIN_MS_OFFICE365: Object originates in Microsoft Office 365. OBJECT_ORIGIN_GOOGLE_WORKSPACE: Object originates in Google Workspace. OBJECT_ORIGIN_DEVICE: Object originates from a device.",
              "default": "OBJECT_ORIGIN_UNSPECIFIED",
              "enum": [
                "OBJECT_ORIGIN_UNSPECIFIED",
                "OBJECT_ORIGIN_MS_OFFICE365",
                "OBJECT_ORIGIN_GOOGLE_WORKSPACE",
                "OBJECT_ORIGIN_DEVICE"
              ]
            },
            "path": {
              "type": "string",
              "description": "File path. Absolute path is absolute within storage. For example: /documents/trip.xml might be absolute within Microsoft Sharepoint Site."
            },
            "reference": {
              "type": "string",
              "description": "How the file is referred to. Files can be hosted in various systems with different types of indexing (e.g. URI, UUID, etc.). Object reference must be unique within one parent object (e,g, email or archive) to ensure referential integrity. Optimally, the reference should be universally unique identifier. That prevents from ambiguities during pairing of the object with scan results with actions."
            },
            "sizeBytes": {
              "type": "string",
              "description": "File size in bytes.",
              "format": "uint64"
            },
            "storages": [
              {
                "$ref": "v1FileStorage",
                "description": "File storage represents a different storage location. This could include email, archive, Microsoft Sharepoint Site, Hyper-V Volume, etc. File path is relative to this storage.",
                "displayName": {
                  "type": "string",
                  "description": "Human readable name of the storage. For example, a name of Microsoft Teams Team or name the archive file."
                },
                "msSharepointRootSiteUuid": {
                  "type": "string",
                  "description": "Reference to [Microsoft Sharepoint root site]. Only valid if the object originates in Sharepoint site. type: quarantine_management.v1-alpha.MicrosoftSharepointSite"
                },
                "archiveReference": {
                  "type": "string",
                  "description": "Reference to the archive containing the file. Can be an URL or path to the parent archive."
                },
                "cloudDriveUserUuid": {
                  "type": "string",
                  "description": "If the file resides in the cloud on a cloud drive (for example, Google Drive or Microsoft OneDrive), this attribute references the user who owns that drive. type: user_management.v1.User"
                },
                "emailReference": {
                  "type": "string",
                  "description": "Reference to the email containing the file. The file itself can be part of the email body, an email attachment, or part of an attached archive."
                },
                "msSharepointSiteUuid": {
                  "type": "string",
                  "description": "Reference to [Microsoft Sharepoint site]. type: quarantine_management.v1-alpha.MicrosoftSharepointSite"
                },
                "msTeamsTeamUuid": {
                  "type": "string",
                  "description": "Reference to [Microsoft Teams team]. type: quarantine_management.v1-alpha.MicrosoftTeamsTeam"
                }
              }
            ]
          }
        ],
        "bodyParts": [
          {
            "$ref": "v1File",
            "description": "Describes file. File can be contained within other structures, such as email (attachment), archive or Miscrosoft Sharepoint Site. Those structures form parents of the file.",
            "containedFiles": [
              {
                "$ref": "v1File"
              }
            ],
            "hashSha1": {
              "type": "string",
              "description": "SHA-1 (Secure Hash Algorithm 1) digest of file's content."
            },
            "hashSha2256": {
              "type": "string",
              "description": "SHA-2 256 (Secure Hash Algorithm 2) 256 digest of file's content."
            },
            "isReadOnly": {
              "type": "boolean",
              "description": "True if the scanned object was read-only and cannot be modified/cleaned/deleted."
            },
            "lastEditor": {
              "$ref": "v1ObjectEditor",
              "description": "Details of user who edited an object.",
              "email": {
                "type": "string",
                "description": "Email of the user."
              },
              "userUuid": {
                "type": "string",
                "description": "Reference to [user]. type: _draft.User"
              },
              "userName": {
                "type": "string",
                "description": "Name of the user (e.g. login)."
              }
            },
            "origin": {
              "$ref": "v1ObjectOrigin",
              "type": "string",
              "description": "Object origin denotes a system managing object's life-cycle. This is necessary to be known for actions that manipulate with object, such as delete, quarantine, move and so on. OBJECT_ORIGIN_UNSPECIFIED: fallback OBJECT_ORIGIN_MS_OFFICE365: Object originates in Microsoft Office 365. OBJECT_ORIGIN_GOOGLE_WORKSPACE: Object originates in Google Workspace. OBJECT_ORIGIN_DEVICE: Object originates from a device.",
              "default": "OBJECT_ORIGIN_UNSPECIFIED",
              "enum": [
                "OBJECT_ORIGIN_UNSPECIFIED",
                "OBJECT_ORIGIN_MS_OFFICE365",
                "OBJECT_ORIGIN_GOOGLE_WORKSPACE",
                "OBJECT_ORIGIN_DEVICE"
              ]
            },
            "path": {
              "type": "string",
              "description": "File path. Absolute path is absolute within storage. For example: /documents/trip.xml might be absolute within Microsoft Sharepoint Site."
            },
            "reference": {
              "type": "string",
              "description": "How the file is referred to. Files can be hosted in various systems with different types of indexing (e.g. URI, UUID, etc.). Object reference must be unique within one parent object (e,g, email or archive) to ensure referential integrity. Optimally, the reference should be universally unique identifier. That prevents from ambiguities during pairing of the object with scan results with actions."
            },
            "sizeBytes": {
              "type": "string",
              "description": "File size in bytes.",
              "format": "uint64"
            },
            "storages": [
              {
                "$ref": "v1FileStorage",
                "description": "File storage represents a different storage location. This could include email, archive, Microsoft Sharepoint Site, Hyper-V Volume, etc. File path is relative to this storage.",
                "displayName": {
                  "type": "string",
                  "description": "Human readable name of the storage. For example, a name of Microsoft Teams Team or name the archive file."
                },
                "msSharepointRootSiteUuid": {
                  "type": "string",
                  "description": "Reference to [Microsoft Sharepoint root site]. Only valid if the object originates in Sharepoint site. type: quarantine_management.v1-alpha.MicrosoftSharepointSite"
                },
                "archiveReference": {
                  "type": "string",
                  "description": "Reference to the archive containing the file. Can be an URL or path to the parent archive."
                },
                "cloudDriveUserUuid": {
                  "type": "string",
                  "description": "If the file resides in the cloud on a cloud drive (for example, Google Drive or Microsoft OneDrive), this attribute references the user who owns that drive. type: user_management.v1.User"
                },
                "emailReference": {
                  "type": "string",
                  "description": "Reference to the email containing the file. The file itself can be part of the email body, an email attachment, or part of an attached archive."
                },
                "msSharepointSiteUuid": {
                  "type": "string",
                  "description": "Reference to [Microsoft Sharepoint site]. type: quarantine_management.v1-alpha.MicrosoftSharepointSite"
                },
                "msTeamsTeamUuid": {
                  "type": "string",
                  "description": "Reference to [Microsoft Teams team]. type: quarantine_management.v1-alpha.MicrosoftTeamsTeam"
                }
              }
            ]
          }
        ],
        "cc": {
          "type": "string",
          "description": "Carbon copy recipient(s) of the email."
        },
        "containedUrls": [
          {
            "type": "string"
          }
        ],
        "from": {
          "type": "string",
          "description": "Sender(s) of the email."
        },
        "headers": [
          {
            "type": "string"
          }
        ],
        "internetMessageId": {
          "title": "Unique identifier of the message according to https://en.wikipedia.org/wiki/Message-ID",
          "type": "string"
        },
        "isReadOnly": {
          "type": "boolean",
          "description": "True if the scanned object was read-only and cannot be modified/cleaned/deleted."
        },
        "mailboxUserUuid": {
          "type": "string",
          "description": "Reference to the user who owns the mailbox, if the email can be associated with a mailbox. If the email cannot be associated with a mailbox, this will be empty. type: user_management.v1.User"
        },
        "origin": {
          "$ref": "v1ObjectOrigin",
          "type": "string",
          "description": "Object origin denotes a system managing object's life-cycle. This is necessary to be known for actions that manipulate with object, such as delete, quarantine, move and so on. OBJECT_ORIGIN_UNSPECIFIED: fallback OBJECT_ORIGIN_MS_OFFICE365: Object originates in Microsoft Office 365. OBJECT_ORIGIN_GOOGLE_WORKSPACE: Object originates in Google Workspace. OBJECT_ORIGIN_DEVICE: Object originates from a device.",
          "default": "OBJECT_ORIGIN_UNSPECIFIED",
          "enum": [
            "OBJECT_ORIGIN_UNSPECIFIED",
            "OBJECT_ORIGIN_MS_OFFICE365",
            "OBJECT_ORIGIN_GOOGLE_WORKSPACE",
            "OBJECT_ORIGIN_DEVICE"
          ]
        },
        "reference": {
          "type": "string",
          "description": "How the email is referred to. Emails can be sourced in various systems with different types of indexing (e.g. URI, UUID, etc.). Object reference must be unique within one parent object (e,g, email or archive) to ensure referential integrity or the scope of protection (e.g. one account). For example: - Outlook email can be referenced by EntryID (or SearchKey) - Exchange email can be referenced by combination of Timestamp | Subject | Sender fields. Info: Optimally, the reference should be universally unique identifier. That prevents from ambiguities during pairing of the object with scan results with actions. This might, however, be substantially difficult to achieve in distributed email-system, where the id-issuing authority is out of our reach and might be spoofed by e.g. spammers."
        },
        "senderIpAddress": {
          "type": "string",
          "description": "IP address of the sender. Might be IPv4 or IPv6."
        },
        "subject": {
          "type": "string",
          "description": "Subject of the email."
        },
        "to": {
          "type": "string",
          "description": "Recipient(s) of the email."
        }
      },
      "file": {
        "$ref": "v1File",
        "description": "Describes file. File can be contained within other structures, such as email (attachment), archive or Miscrosoft Sharepoint Site. Those structures form parents of the file.",
        "containedFiles": [
          {
            "$ref": "v1File"
          }
        ],
        "hashSha1": {
          "type": "string",
          "description": "SHA-1 (Secure Hash Algorithm 1) digest of file's content."
        },
        "hashSha2256": {
          "type": "string",
          "description": "SHA-2 256 (Secure Hash Algorithm 2) 256 digest of file's content."
        },
        "isReadOnly": {
          "type": "boolean",
          "description": "True if the scanned object was read-only and cannot be modified/cleaned/deleted."
        },
        "lastEditor": {
          "$ref": "v1ObjectEditor",
          "description": "Details of user who edited an object.",
          "email": {
            "type": "string",
            "description": "Email of the user."
          },
          "userUuid": {
            "type": "string",
            "description": "Reference to [user]. type: _draft.User"
          },
          "userName": {
            "type": "string",
            "description": "Name of the user (e.g. login)."
          }
        },
        "origin": {
          "$ref": "v1ObjectOrigin",
          "type": "string",
          "description": "Object origin denotes a system managing object's life-cycle. This is necessary to be known for actions that manipulate with object, such as delete, quarantine, move and so on. OBJECT_ORIGIN_UNSPECIFIED: fallback OBJECT_ORIGIN_MS_OFFICE365: Object originates in Microsoft Office 365. OBJECT_ORIGIN_GOOGLE_WORKSPACE: Object originates in Google Workspace. OBJECT_ORIGIN_DEVICE: Object originates from a device.",
          "default": "OBJECT_ORIGIN_UNSPECIFIED",
          "enum": [
            "OBJECT_ORIGIN_UNSPECIFIED",
            "OBJECT_ORIGIN_MS_OFFICE365",
            "OBJECT_ORIGIN_GOOGLE_WORKSPACE",
            "OBJECT_ORIGIN_DEVICE"
          ]
        },
        "path": {
          "type": "string",
          "description": "File path. Absolute path is absolute within storage. For example: /documents/trip.xml might be absolute within Microsoft Sharepoint Site."
        },
        "reference": {
          "type": "string",
          "description": "How the file is referred to. Files can be hosted in various systems with different types of indexing (e.g. URI, UUID, etc.). Object reference must be unique within one parent object (e,g, email or archive) to ensure referential integrity. Optimally, the reference should be universally unique identifier. That prevents from ambiguities during pairing of the object with scan results with actions."
        },
        "sizeBytes": {
          "type": "string",
          "description": "File size in bytes.",
          "format": "uint64"
        },
        "storages": [
          {
            "$ref": "v1FileStorage",
            "description": "File storage represents a different storage location. This could include email, archive, Microsoft Sharepoint Site, Hyper-V Volume, etc. File path is relative to this storage.",
            "displayName": {
              "type": "string",
              "description": "Human readable name of the storage. For example, a name of Microsoft Teams Team or name the archive file."
            },
            "msSharepointRootSiteUuid": {
              "type": "string",
              "description": "Reference to [Microsoft Sharepoint root site]. Only valid if the object originates in Sharepoint site. type: quarantine_management.v1-alpha.MicrosoftSharepointSite"
            },
            "archiveReference": {
              "type": "string",
              "description": "Reference to the archive containing the file. Can be an URL or path to the parent archive."
            },
            "cloudDriveUserUuid": {
              "type": "string",
              "description": "If the file resides in the cloud on a cloud drive (for example, Google Drive or Microsoft OneDrive), this attribute references the user who owns that drive. type: user_management.v1.User"
            },
            "emailReference": {
              "type": "string",
              "description": "Reference to the email containing the file. The file itself can be part of the email body, an email attachment, or part of an attached archive."
            },
            "msSharepointSiteUuid": {
              "type": "string",
              "description": "Reference to [Microsoft Sharepoint site]. type: quarantine_management.v1-alpha.MicrosoftSharepointSite"
            },
            "msTeamsTeamUuid": {
              "type": "string",
              "description": "Reference to [Microsoft Teams team]. type: quarantine_management.v1-alpha.MicrosoftTeamsTeam"
            }
          }
        ]
      },
      "graywareScanStatus": {
        "$ref": "v1ObjectScanStatus",
        "type": "string",
        "description": "Defines possible statuses of object scan. OBJECT_SCAN_STATUS_UNSPECIFIED: fallback OBJECT_SCAN_STATUS_NOT_SCANNED: Object was not scanned for various reasons. some objects are not suitable for certain scans (e.g. file is not suitable for spam scan) scan was not performed due to an failure an object was excluded from the classification explicitly by exclusions. OBJECT_SCAN_STATUS_POSITIVE_RESULT: Object was scanned with positive result. This means: - the spam was detected in an email scan. - phishing was detected in a phishing scan. - malware was detected in a malware scan. and so on. - OBJECT_SCAN_STATUS_NEGATIVE_RESULT: Object was scanned with negative result, what means the object is clean.",
        "default": "OBJECT_SCAN_STATUS_UNSPECIFIED",
        "enum": [
          "OBJECT_SCAN_STATUS_UNSPECIFIED",
          "OBJECT_SCAN_STATUS_NOT_SCANNED",
          "OBJECT_SCAN_STATUS_POSITIVE_RESULT",
          "OBJECT_SCAN_STATUS_NEGATIVE_RESULT"
        ]
      },
      "isExcludable": {
        "type": "boolean",
        "description": "True if the object can be excluded from further scanning."
      },
      "isRestorable": {
        "type": "boolean",
        "description": "True if the object can be restored to its original location."
      },
      "malwareScanStatus": {
        "$ref": "v1ObjectScanStatus",
        "type": "string",
        "description": "Defines possible statuses of object scan. OBJECT_SCAN_STATUS_UNSPECIFIED: fallback OBJECT_SCAN_STATUS_NOT_SCANNED: Object was not scanned for various reasons. some objects are not suitable for certain scans (e.g. file is not suitable for spam scan) scan was not performed due to an failure an object was excluded from the classification explicitly by exclusions. OBJECT_SCAN_STATUS_POSITIVE_RESULT: Object was scanned with positive result. This means: - the spam was detected in an email scan. - phishing was detected in a phishing scan. - malware was detected in a malware scan. and so on. - OBJECT_SCAN_STATUS_NEGATIVE_RESULT: Object was scanned with negative result, what means the object is clean.",
        "default": "OBJECT_SCAN_STATUS_UNSPECIFIED",
        "enum": [
          "OBJECT_SCAN_STATUS_UNSPECIFIED",
          "OBJECT_SCAN_STATUS_NOT_SCANNED",
          "OBJECT_SCAN_STATUS_POSITIVE_RESULT",
          "OBJECT_SCAN_STATUS_NEGATIVE_RESULT"
        ]
      },
      "objectOrigin": {
        "$ref": "v1ObjectOrigin",
        "type": "string",
        "description": "Object origin denotes a system managing object's life-cycle. This is necessary to be known for actions that manipulate with object, such as delete, quarantine, move and so on. OBJECT_ORIGIN_UNSPECIFIED: fallback OBJECT_ORIGIN_MS_OFFICE365: Object originates in Microsoft Office 365. OBJECT_ORIGIN_GOOGLE_WORKSPACE: Object originates in Google Workspace. OBJECT_ORIGIN_DEVICE: Object originates from a device.",
        "default": "OBJECT_ORIGIN_UNSPECIFIED",
        "enum": [
          "OBJECT_ORIGIN_UNSPECIFIED",
          "OBJECT_ORIGIN_MS_OFFICE365",
          "OBJECT_ORIGIN_GOOGLE_WORKSPACE",
          "OBJECT_ORIGIN_DEVICE"
        ]
      },
      "phishingScanStatus": {
        "$ref": "v1ObjectScanStatus",
        "type": "string",
        "description": "Defines possible statuses of object scan. OBJECT_SCAN_STATUS_UNSPECIFIED: fallback OBJECT_SCAN_STATUS_NOT_SCANNED: Object was not scanned for various reasons. some objects are not suitable for certain scans (e.g. file is not suitable for spam scan) scan was not performed due to an failure an object was excluded from the classification explicitly by exclusions. OBJECT_SCAN_STATUS_POSITIVE_RESULT: Object was scanned with positive result. This means: - the spam was detected in an email scan. - phishing was detected in a phishing scan. - malware was detected in a malware scan. and so on. - OBJECT_SCAN_STATUS_NEGATIVE_RESULT: Object was scanned with negative result, what means the object is clean.",
        "default": "OBJECT_SCAN_STATUS_UNSPECIFIED",
        "enum": [
          "OBJECT_SCAN_STATUS_UNSPECIFIED",
          "OBJECT_SCAN_STATUS_NOT_SCANNED",
          "OBJECT_SCAN_STATUS_POSITIVE_RESULT",
          "OBJECT_SCAN_STATUS_NEGATIVE_RESULT"
        ]
      },
      "quarantineReason": {
        "$ref": "v1QuarantineReason",
        "type": "string",
        "description": "Reasons for object being quarantined. QUARANTINE_REASON_UNSPECIFIED: fallback QUARANTINE_REASON_MALWARE: Object was identified as malware or as containing malware. QUARANTINE_REASON_GRAYWARE: The object was identified as grayware, or as containing grayware. Grayware refers to potentially unwanted programs or files that, while not explicitly malicious, can negatively impact system performance or user experience. QUARANTINE_REASON_PHISHING: Object (mostly email) was identified as phishing. QUARANTINE_REASON_SPAM: Object (mostly email) was identified as unsolicited or spam .",
        "default": "QUARANTINE_REASON_UNSPECIFIED",
        "enum": [
          "QUARANTINE_REASON_UNSPECIFIED",
          "QUARANTINE_REASON_MALWARE",
          "QUARANTINE_REASON_GRAYWARE",
          "QUARANTINE_REASON_PHISHING",
          "QUARANTINE_REASON_SPAM"
        ]
      },
      "quarantineTime": {
        "type": "string",
        "description": "Time when the object was quarantined.",
        "format": "date-time"
      },
      "scanResults": [
        {
          "$ref": "protobufAny",
          "description": "Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } // or ... if (any.isSameTypeAs(Foo.getDefaultInstance())) { foo = any.unpack(Foo.getDefaultInstance()); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := &pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := &pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example 'foo.bar.com/x/y.z' will yield type name 'y.z'. JSON The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { '@type': 'type.googleapis.com/google.profile.Person', 'firstName': <string>, 'lastName': <string> } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): { '@type': 'type.googleapis.com/google.protobuf.Duration', 'value': '1.212s' }",
          "@type": {
            "type": "string",
            "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one '/' character. The last segment of the URL's path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading '.' is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: If no scheme is provided, https is assumed. An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics."
          }
        }
      ],
      "sizeBytes": {
        "type": "string",
        "description": "Size of the quarantined object in bytes.",
        "format": "uint64"
      },
      "spamScanStatus": {
        "$ref": "v1ObjectScanStatus",
        "type": "string",
        "description": "Defines possible statuses of object scan. OBJECT_SCAN_STATUS_UNSPECIFIED: fallback OBJECT_SCAN_STATUS_NOT_SCANNED: Object was not scanned for various reasons. some objects are not suitable for certain scans (e.g. file is not suitable for spam scan) scan was not performed due to an failure an object was excluded from the classification explicitly by exclusions. OBJECT_SCAN_STATUS_POSITIVE_RESULT: Object was scanned with positive result. This means: - the spam was detected in an email scan. - phishing was detected in a phishing scan. - malware was detected in a malware scan. and so on. - OBJECT_SCAN_STATUS_NEGATIVE_RESULT: Object was scanned with negative result, what means the object is clean.",
        "default": "OBJECT_SCAN_STATUS_UNSPECIFIED",
        "enum": [
          "OBJECT_SCAN_STATUS_UNSPECIFIED",
          "OBJECT_SCAN_STATUS_NOT_SCANNED",
          "OBJECT_SCAN_STATUS_POSITIVE_RESULT",
          "OBJECT_SCAN_STATUS_NEGATIVE_RESULT"
        ]
      },
      "type": {
        "$ref": "v1QuarantinedObjectType",
        "type": "string",
        "description": "Possible types of object. QUARANTINED_OBJECT_TYPE_UNSPECIFIED: fallback QUARANTINED_OBJECT_TYPE_EMAIL_MESSAGE: Object is email message. QUARANTINED_OBJECT_TYPE_EMAIL_ATTACHMENT: Object is email attachment. QUARANTINED_OBJECT_TYPE_FILE_ON_DRIVE: Object is a file on drive.",
        "default": "QUARANTINED_OBJECT_TYPE_UNSPECIFIED",
        "enum": [
          "QUARANTINED_OBJECT_TYPE_UNSPECIFIED",
          "QUARANTINED_OBJECT_TYPE_EMAIL_MESSAGE",
          "QUARANTINED_OBJECT_TYPE_EMAIL_ATTACHMENT",
          "QUARANTINED_OBJECT_TYPE_FILE_ON_DRIVE"
        ]
      },
      "uuid": {
        "type": "string",
        "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
      }
    }
  ],
  "nextPageToken": {
    "type": "string",
    "description": "Page token of next page. Empty or '' for the last page. Info: For more information, refer to Paginating Requests in APIs or https://cloud.google.com/apis/design/design_patterns#list_pagination"
  }
}

default

An unexpected error response.

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}
{
  "$ref": "rpcStatus",
  "code": {
    "type": "integer",
    "format": "int32"
  },
  "message": {
    "type": "string"
  },
  "details": [
    {
      "$ref": "protobufAny",
      "description": "Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } // or ... if (any.isSameTypeAs(Foo.getDefaultInstance())) { foo = any.unpack(Foo.getDefaultInstance()); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := &pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := &pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example 'foo.bar.com/x/y.z' will yield type name 'y.z'. JSON The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { '@type': 'type.googleapis.com/google.profile.Person', 'firstName': <string>, 'lastName': <string> } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): { '@type': 'type.googleapis.com/google.protobuf.Duration', 'value': '1.212s' }",
      "@type": {
        "type": "string",
        "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one '/' character. The last segment of the URL's path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading '.' is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: If no scheme is provided, https is assumed. An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics."
      }
    }
  ]
}

202

Response took too long and the request was cached.

null
[]