xuyiping
/
kpt-grpc-demo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
							// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.ids.logging.v1;

import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";

option go_package = "google.golang.org/genproto/googleapis/cloud/ids/logging/v1;logging";
option java_multiple_files = true;
option java_outer_classname = "LoggingProto";
option java_package = "com.google.cloud.ids.logging.v1";

// A threat detected by Cloud IDS.
message ThreatLog {
  // Describes the type of severity of the threat.
  enum Severity {
    // Default value - should never be used.
    SEVERITY_UNSPECIFIED = 0;

    LOW = 2;

    MEDIUM = 3;

    HIGH = 4;

    CRITICAL = 5;

    INFORMATIONAL = 6;
  }

  enum Direction {
    // Default value - permitted since Direction is optional.
    DIRECTION_UNDEFINED = 0;

    // Ingress traffic.
    CLIENT_TO_SERVER = 1;

    // Egress traffic.
    SERVER_TO_CLIENT = 2;
  }

  // Name of the threat, e,g. "Suspicious HTTP Evasion"
  string name = 1;

  // Unique ID of the threat.
  string threat_id = 13;

  // The time of the alert.
  google.protobuf.Timestamp alert_time = 2;

  // Severity of threat.
  Severity alert_severity = 19;

  // The type of the threat, e.g. "Spyware".
  string type = 4;

  // Category (sub-type) of the threat, e.g. "code-execution".
  string category = 18;

  // The source IP Address of the packet, e.g. "35.191.8.79"
  string source_ip_address = 5;

  // The source port of the packet, e.g. 8080
  int32 source_port = 6;

  // The destination IP Address of the packet, e.g. "192.168.100.2"
  string destination_ip_address = 7;

  // The destination port of the packet, e.g. 100
  int32 destination_port = 8;

  // The IP protocol of the packet, e.g. "TCP".
  string ip_protocol = 9;

  // The direction of the packet - an optional field.
  Direction direction = 10;

  // ID of the Layer 4 session of the threat.
  string session_id = 14;

  // Number of sessions with same source IP, destination IP, application, and
  // type seen within 5 seconds.
  string repeat_count = 15;

  // Application associated with the session.
  string application = 16;

  // Variable field. URI or filename of the relevant threat, if applicable.
  string uri_or_filename = 17;

  // CVE IDs of the threat.
  repeated string cves = 20;

  // Details of the threat reported by the IDS VM
  string details = 11;

  // The network associated with the IDS Endpoint.
  string network = 12;
}

// Traffic detected by Cloud IDS.
// Fields taken from:
// https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields.html.
message TrafficLog {
  // Time of session start.
  google.protobuf.Timestamp start_time = 1;

  // Elapsed time of the session.
  google.protobuf.Duration elapsed_time = 2;

  // The network associated with the IDS Endpoint.
  string network = 3;

  // The source IP Address of the packet, e.g. "35.191.8.79"
  string source_ip_address = 4;

  // The source port of the packet, e.g. 8080
  int32 source_port = 5;

  // The destination IP Address of the packet, e.g. "192.168.100.2"
  string destination_ip_address = 6;

  // The destination port of the packet, e.g. 100
  int32 destination_port = 7;

  // The IP protocol of the packet, e.g. "TCP".
  string ip_protocol = 8;

  // Application associated with the session.
  string application = 9;

  // The direction of the packet.
  string session_id = 12;

  // Number of sessions with same source IP, destination IP, application, and
  // type seen within 5 seconds.
  string repeat_count = 13;

  // Total number of bytes transferred in the session.
  int64 total_bytes = 14;

  // Total number of packets transferred in the session.
  int64 total_packets = 15;
}