G Suite Alert Center API . alerts

Instance Methods

feedback()

Returns the feedback Resource.

batchDelete(body=None, x__xgafv=None)

Performs batch delete operation on alerts.

batchUndelete(body=None, x__xgafv=None)

Performs batch undelete operation on alerts.

delete(alertId=*, customerId=None, x__xgafv=None)

Marks the specified alert for deletion. An alert that has been marked for

get(alertId=*, customerId=None, x__xgafv=None)

Gets the specified alert. Attempting to get a nonexistent alert returns

getMetadata(alertId=*, customerId=None, x__xgafv=None)

Returns the metadata of an alert. Attempting to get metadata for

list(orderBy=None, pageSize=None, pageToken=None, customerId=None, x__xgafv=None, filter=None)

Lists the alerts.

list_next(previous_request=*, previous_response=*)

Retrieves the next page of results.

undelete(alertId=*, body=None, x__xgafv=None)

Restores, or "undeletes", an alert that was marked for deletion within the

Method Details

batchDelete(body=None, x__xgafv=None)
Performs batch delete operation on alerts.

Args:
  body: object, The request body.
    The object takes the form of:

{ # A request to perform batch delete on alerts.
    "customerId": "A String", # Optional. The unique identifier of the G Suite organization account of the
        # customer the alerts are associated with.
    "alertId": [ # Required. list of alert IDs.
      "A String",
    ],
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response to batch delete operation on alerts.
    "failedAlertStatus": { # The status details for each failed alert_id.
      "a_key": { # The `Status` type defines a logical error model that is suitable for
          # different programming environments, including REST APIs and RPC APIs. It is
          # used by [gRPC](https://github.com/grpc). Each `Status` message contains
          # three pieces of data: error code, error message, and error details.
          #
          # You can find out more about this error model and how to work with it in the
          # [API Design Guide](https://cloud.google.com/apis/design/errors).
        "message": "A String", # A developer-facing error message, which should be in English. Any
            # user-facing error message should be localized and sent in the
            # google.rpc.Status.details field, or localized by the client.
        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
        "details": [ # A list of messages that carry the error details.  There is a common set of
            # message types for APIs to use.
          {
            "a_key": "", # Properties of the object. Contains field @type with type URL.
          },
        ],
      },
    },
    "successAlertIds": [ # The successful list of alert IDs.
      "A String",
    ],
  }
batchUndelete(body=None, x__xgafv=None)
Performs batch undelete operation on alerts.

Args:
  body: object, The request body.
    The object takes the form of:

{ # A request to perform batch undelete on alerts.
    "customerId": "A String", # Optional. The unique identifier of the G Suite organization account of the
        # customer the alerts are associated with.
    "alertId": [ # Required. list of alert IDs.
      "A String",
    ],
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response to batch undelete operation on alerts.
    "failedAlertStatus": { # The status details for each failed alert_id.
      "a_key": { # The `Status` type defines a logical error model that is suitable for
          # different programming environments, including REST APIs and RPC APIs. It is
          # used by [gRPC](https://github.com/grpc). Each `Status` message contains
          # three pieces of data: error code, error message, and error details.
          #
          # You can find out more about this error model and how to work with it in the
          # [API Design Guide](https://cloud.google.com/apis/design/errors).
        "message": "A String", # A developer-facing error message, which should be in English. Any
            # user-facing error message should be localized and sent in the
            # google.rpc.Status.details field, or localized by the client.
        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
        "details": [ # A list of messages that carry the error details.  There is a common set of
            # message types for APIs to use.
          {
            "a_key": "", # Properties of the object. Contains field @type with type URL.
          },
        ],
      },
    },
    "successAlertIds": [ # The successful list of alert IDs.
      "A String",
    ],
  }
delete(alertId=*, customerId=None, x__xgafv=None)
Marks the specified alert for deletion. An alert that has been marked for
deletion is removed from Alert Center after 30 days.
Marking an alert for deletion has no effect on an alert which has
already been marked for deletion. Attempting to mark a nonexistent alert
for deletion results in a `NOT_FOUND` error.

Args:
  alertId: string, Required. The identifier of the alert to delete. (required)
  customerId: string, Optional. The unique identifier of the G Suite organization account of the
customer the alert is associated with.
Inferred from the caller identity if not provided.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A generic empty message that you can re-use to avoid defining duplicated
      # empty messages in your APIs. A typical example is to use it as the request
      # or the response type of an API method. For instance:
      #
      #     service Foo {
      #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
      #     }
      #
      # The JSON representation for `Empty` is empty JSON object `{}`.
  }
get(alertId=*, customerId=None, x__xgafv=None)
Gets the specified alert. Attempting to get a nonexistent alert returns
`NOT_FOUND` error.

Args:
  alertId: string, Required. The identifier of the alert to retrieve. (required)
  customerId: string, Optional. The unique identifier of the G Suite organization account of the
customer the alert is associated with.
Inferred from the caller identity if not provided.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An alert affecting a customer.
    "updateTime": "A String", # Output only. The time this alert was last updated.
    "endTime": "A String", # Optional. The time the event that caused this alert ceased being active.
        # If provided, the end time must not be earlier than the start time.
        # If not provided, it indicates an ongoing alert.
    "alertId": "A String", # Output only. The unique identifier for the alert.
    "deleted": True or False, # Output only. `True` if this alert is marked for deletion.
    "data": { # Optional. The data associated with this alert, for example
        # google.apps.alertcenter.type.DeviceCompromised.
      "a_key": "", # Properties of the object. Contains field @type with type URL.
    },
    "createTime": "A String", # Output only. The time this alert was created.
    "source": "A String", # Required. A unique identifier for the system that reported the alert.
        # This is output only after alert is created.
        #
        # Supported sources are any of the following:
        #
        # * Google Operations
        # * Mobile device management
        # * Gmail phishing
        # * Domain wide takeout
        # * State sponsored attack
        # * Google identity
    "etag": "A String", # Optional. `etag` is used for optimistic concurrency control as a way to help
        # prevent simultaneous updates of an alert from overwriting each other.
        # It is strongly suggested that systems make use of the `etag` in the
        # read-modify-write cycle to perform alert updates in order to avoid race
        # conditions: An `etag` is returned in the response which contains alerts,
        # and systems are expected to put that etag in the request to update alert to
        # ensure that their change will be applied to the same version of the alert.
        #
        # If no `etag` is provided in the call to update alert, then the existing
        # alert is overwritten blindly.
    "startTime": "A String", # Required. The time the event that caused this alert was started or
        # detected.
    "metadata": { # An alert metadata. # Output only. The metadata associated with this alert.
      "status": "A String", # The current status of the alert.
          # The supported values are the following:
          #
          # * NOT_STARTED
          # * IN_PROGRESS
          # * CLOSED
      "updateTime": "A String", # Output only. The time this metadata was last updated.
      "severity": "A String", # The severity value of the alert. Alert Center will set this field at alert
          # creation time, default's to an empty string when it could not be
          # determined.
          # The supported values for update actions on this field are the following:
          #
          # * HIGH
          # * MEDIUM
          # * LOW
      "alertId": "A String", # Output only. The alert identifier.
      "assignee": "A String", # The email address of the user assigned to the alert.
      "etag": "A String", # Optional. `etag` is used for optimistic concurrency control as a way to
          # help prevent simultaneous updates of an alert metadata from overwriting
          # each other. It is strongly suggested that systems make use of the `etag` in
          # the read-modify-write cycle to perform metatdata updates in order to avoid
          # race conditions: An `etag` is returned in the response which contains alert
          # metadata, and systems are expected to put that etag in the request to
          # update alert metadata to ensure that their change will be applied to the
          # same version of the alert metadata.
          #
          # If no `etag` is provided in the call to update alert metadata, then the
          # existing alert metadata is overwritten blindly.
      "customerId": "A String", # Output only. The unique identifier of the Google account of the customer.
    },
    "type": "A String", # Required. The type of the alert.
        # This is output only after alert is created.
        # For a list of available alert types see
        # [G Suite Alert types](/admin-sdk/alertcenter/reference/alert-types).
    "customerId": "A String", # Output only. The unique identifier of the Google account of the customer.
    "securityInvestigationToolLink": "A String", # Output only. An optional
        # [Security Investigation Tool](https://support.google.com/a/answer/7575955)
        # query for this alert.
  }
getMetadata(alertId=*, customerId=None, x__xgafv=None)
Returns the metadata of an alert. Attempting to get metadata for
a non-existent alert returns `NOT_FOUND` error.

Args:
  alertId: string, Required. The identifier of the alert this metadata belongs to. (required)
  customerId: string, Optional. The unique identifier of the G Suite organization account of the
customer the alert metadata is associated with.
Inferred from the caller identity if not provided.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An alert metadata.
    "status": "A String", # The current status of the alert.
        # The supported values are the following:
        #
        # * NOT_STARTED
        # * IN_PROGRESS
        # * CLOSED
    "updateTime": "A String", # Output only. The time this metadata was last updated.
    "severity": "A String", # The severity value of the alert. Alert Center will set this field at alert
        # creation time, default's to an empty string when it could not be
        # determined.
        # The supported values for update actions on this field are the following:
        #
        # * HIGH
        # * MEDIUM
        # * LOW
    "alertId": "A String", # Output only. The alert identifier.
    "assignee": "A String", # The email address of the user assigned to the alert.
    "etag": "A String", # Optional. `etag` is used for optimistic concurrency control as a way to
        # help prevent simultaneous updates of an alert metadata from overwriting
        # each other. It is strongly suggested that systems make use of the `etag` in
        # the read-modify-write cycle to perform metatdata updates in order to avoid
        # race conditions: An `etag` is returned in the response which contains alert
        # metadata, and systems are expected to put that etag in the request to
        # update alert metadata to ensure that their change will be applied to the
        # same version of the alert metadata.
        #
        # If no `etag` is provided in the call to update alert metadata, then the
        # existing alert metadata is overwritten blindly.
    "customerId": "A String", # Output only. The unique identifier of the Google account of the customer.
  }
list(orderBy=None, pageSize=None, pageToken=None, customerId=None, x__xgafv=None, filter=None)
Lists the alerts.

Args:
  orderBy: string, Optional. The sort order of the list results.
If not specified results may be returned in arbitrary order.
You can sort the results in descending order based on the creation
timestamp using `order_by="create_time desc"`.
Currently, supported sorting are `create_time asc`, `create_time desc`,
`update_time desc`
  pageSize: integer, Optional. The requested page size. Server may return fewer items than
requested. If unspecified, server picks an appropriate default.
  pageToken: string, Optional. A token identifying a page of results the server should return.
If empty, a new iteration is started. To continue an iteration, pass in
the value from the previous ListAlertsResponse's
next_page_token field.
  customerId: string, Optional. The unique identifier of the G Suite organization account of the
customer the alerts are associated with.
Inferred from the caller identity if not provided.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  filter: string, Optional. A query string for filtering alert results.
For more details, see [Query
filters](/admin-sdk/alertcenter/guides/query-filters) and [Supported
query filter
fields](/admin-sdk/alertcenter/reference/filter-fields#alerts.list).

Returns:
  An object of the form:

    { # Response message for an alert listing request.
    "nextPageToken": "A String", # The token for the next page. If not empty, indicates that there may be more
        # alerts that match the listing request; this value can be used in a
        # subsequent ListAlertsRequest to get alerts continuing from last result
        # of the current list call.
    "alerts": [ # The list of alerts.
      { # An alert affecting a customer.
        "updateTime": "A String", # Output only. The time this alert was last updated.
        "endTime": "A String", # Optional. The time the event that caused this alert ceased being active.
            # If provided, the end time must not be earlier than the start time.
            # If not provided, it indicates an ongoing alert.
        "alertId": "A String", # Output only. The unique identifier for the alert.
        "deleted": True or False, # Output only. `True` if this alert is marked for deletion.
        "data": { # Optional. The data associated with this alert, for example
            # google.apps.alertcenter.type.DeviceCompromised.
          "a_key": "", # Properties of the object. Contains field @type with type URL.
        },
        "createTime": "A String", # Output only. The time this alert was created.
        "source": "A String", # Required. A unique identifier for the system that reported the alert.
            # This is output only after alert is created.
            #
            # Supported sources are any of the following:
            #
            # * Google Operations
            # * Mobile device management
            # * Gmail phishing
            # * Domain wide takeout
            # * State sponsored attack
            # * Google identity
        "etag": "A String", # Optional. `etag` is used for optimistic concurrency control as a way to help
            # prevent simultaneous updates of an alert from overwriting each other.
            # It is strongly suggested that systems make use of the `etag` in the
            # read-modify-write cycle to perform alert updates in order to avoid race
            # conditions: An `etag` is returned in the response which contains alerts,
            # and systems are expected to put that etag in the request to update alert to
            # ensure that their change will be applied to the same version of the alert.
            #
            # If no `etag` is provided in the call to update alert, then the existing
            # alert is overwritten blindly.
        "startTime": "A String", # Required. The time the event that caused this alert was started or
            # detected.
        "metadata": { # An alert metadata. # Output only. The metadata associated with this alert.
          "status": "A String", # The current status of the alert.
              # The supported values are the following:
              #
              # * NOT_STARTED
              # * IN_PROGRESS
              # * CLOSED
          "updateTime": "A String", # Output only. The time this metadata was last updated.
          "severity": "A String", # The severity value of the alert. Alert Center will set this field at alert
              # creation time, default's to an empty string when it could not be
              # determined.
              # The supported values for update actions on this field are the following:
              #
              # * HIGH
              # * MEDIUM
              # * LOW
          "alertId": "A String", # Output only. The alert identifier.
          "assignee": "A String", # The email address of the user assigned to the alert.
          "etag": "A String", # Optional. `etag` is used for optimistic concurrency control as a way to
              # help prevent simultaneous updates of an alert metadata from overwriting
              # each other. It is strongly suggested that systems make use of the `etag` in
              # the read-modify-write cycle to perform metatdata updates in order to avoid
              # race conditions: An `etag` is returned in the response which contains alert
              # metadata, and systems are expected to put that etag in the request to
              # update alert metadata to ensure that their change will be applied to the
              # same version of the alert metadata.
              #
              # If no `etag` is provided in the call to update alert metadata, then the
              # existing alert metadata is overwritten blindly.
          "customerId": "A String", # Output only. The unique identifier of the Google account of the customer.
        },
        "type": "A String", # Required. The type of the alert.
            # This is output only after alert is created.
            # For a list of available alert types see
            # [G Suite Alert types](/admin-sdk/alertcenter/reference/alert-types).
        "customerId": "A String", # Output only. The unique identifier of the Google account of the customer.
        "securityInvestigationToolLink": "A String", # Output only. An optional
            # [Security Investigation Tool](https://support.google.com/a/answer/7575955)
            # query for this alert.
      },
    ],
  }
list_next(previous_request=*, previous_response=*)
Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    
undelete(alertId=*, body=None, x__xgafv=None)
Restores, or "undeletes", an alert that was marked for deletion within the
past 30 days. Attempting to undelete an alert which was marked for deletion
over 30 days ago (which has been removed from the Alert Center database) or
a nonexistent alert returns a `NOT_FOUND` error. Attempting to
undelete an alert which has not been marked for deletion has no effect.

Args:
  alertId: string, Required. The identifier of the alert to undelete. (required)
  body: object, The request body.
    The object takes the form of:

{ # A request to undelete a specific alert that was marked for deletion.
    "customerId": "A String", # Optional. The unique identifier of the G Suite organization account of the
        # customer the alert is associated with.
        # Inferred from the caller identity if not provided.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An alert affecting a customer.
    "updateTime": "A String", # Output only. The time this alert was last updated.
    "endTime": "A String", # Optional. The time the event that caused this alert ceased being active.
        # If provided, the end time must not be earlier than the start time.
        # If not provided, it indicates an ongoing alert.
    "alertId": "A String", # Output only. The unique identifier for the alert.
    "deleted": True or False, # Output only. `True` if this alert is marked for deletion.
    "data": { # Optional. The data associated with this alert, for example
        # google.apps.alertcenter.type.DeviceCompromised.
      "a_key": "", # Properties of the object. Contains field @type with type URL.
    },
    "createTime": "A String", # Output only. The time this alert was created.
    "source": "A String", # Required. A unique identifier for the system that reported the alert.
        # This is output only after alert is created.
        #
        # Supported sources are any of the following:
        #
        # * Google Operations
        # * Mobile device management
        # * Gmail phishing
        # * Domain wide takeout
        # * State sponsored attack
        # * Google identity
    "etag": "A String", # Optional. `etag` is used for optimistic concurrency control as a way to help
        # prevent simultaneous updates of an alert from overwriting each other.
        # It is strongly suggested that systems make use of the `etag` in the
        # read-modify-write cycle to perform alert updates in order to avoid race
        # conditions: An `etag` is returned in the response which contains alerts,
        # and systems are expected to put that etag in the request to update alert to
        # ensure that their change will be applied to the same version of the alert.
        #
        # If no `etag` is provided in the call to update alert, then the existing
        # alert is overwritten blindly.
    "startTime": "A String", # Required. The time the event that caused this alert was started or
        # detected.
    "metadata": { # An alert metadata. # Output only. The metadata associated with this alert.
      "status": "A String", # The current status of the alert.
          # The supported values are the following:
          #
          # * NOT_STARTED
          # * IN_PROGRESS
          # * CLOSED
      "updateTime": "A String", # Output only. The time this metadata was last updated.
      "severity": "A String", # The severity value of the alert. Alert Center will set this field at alert
          # creation time, default's to an empty string when it could not be
          # determined.
          # The supported values for update actions on this field are the following:
          #
          # * HIGH
          # * MEDIUM
          # * LOW
      "alertId": "A String", # Output only. The alert identifier.
      "assignee": "A String", # The email address of the user assigned to the alert.
      "etag": "A String", # Optional. `etag` is used for optimistic concurrency control as a way to
          # help prevent simultaneous updates of an alert metadata from overwriting
          # each other. It is strongly suggested that systems make use of the `etag` in
          # the read-modify-write cycle to perform metatdata updates in order to avoid
          # race conditions: An `etag` is returned in the response which contains alert
          # metadata, and systems are expected to put that etag in the request to
          # update alert metadata to ensure that their change will be applied to the
          # same version of the alert metadata.
          #
          # If no `etag` is provided in the call to update alert metadata, then the
          # existing alert metadata is overwritten blindly.
      "customerId": "A String", # Output only. The unique identifier of the Google account of the customer.
    },
    "type": "A String", # Required. The type of the alert.
        # This is output only after alert is created.
        # For a list of available alert types see
        # [G Suite Alert types](/admin-sdk/alertcenter/reference/alert-types).
    "customerId": "A String", # Output only. The unique identifier of the Google account of the customer.
    "securityInvestigationToolLink": "A String", # Output only. An optional
        # [Security Investigation Tool](https://support.google.com/a/answer/7575955)
        # query for this alert.
  }