For Agents
Provision and manage Cloud Intrusion Detection System endpoints on a Google Cloud VPC to inspect mirrored traffic for malware, C2, and other network threats.
Get started with Cloud IDS API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"create a cloud ids endpoint on a vpc"
# → Jentic returns the POST /v1/{+parent}/endpoints tool with parameter schema, agent executes.
What an agent can do with Cloud IDS API.
Create a Cloud IDS endpoint attached to a specified VPC, region, and severity threshold
List Cloud IDS endpoints in a project and region with their state and threat-severity settings
Get a single Cloud IDS endpoint to inspect its network, severity threshold, and update timestamps
Update a Cloud IDS endpoint to change severity threshold or threat exception lists
Delete a Cloud IDS endpoint when its inspection scope is no longer required
Track long-running endpoint provisioning operations to confirm readiness
List supported Cloud IDS locations to plan multi-region deployments
Use for: Create a Cloud IDS endpoint in europe-west1 for our production VPC, List all Cloud IDS endpoints in a project, Update the severity threshold on a Cloud IDS endpoint to LOW, Delete an unused Cloud IDS endpoint
Not supported: Does not return detected threats, manage firewall rules, or scan web apps. Use for Cloud IDS endpoint lifecycle (create, list, update, delete) on a VPC only.
The Cloud IDS API manages Cloud Intrusion Detection System endpoints on Google Cloud. Cloud IDS is built on Palo Alto Networks threat detection technology and inspects mirrored VPC traffic for malware, spyware, command-and-control activity, and other network-based threats. The API provides CRUD over IDS endpoints attached to a VPC and a region, lists locations where Cloud IDS is available, and exposes long-running operations that track endpoint provisioning. Detected threats themselves are streamed to Cloud Logging and Security Command Center; this API is the control plane for the inspection endpoints, not the threat feed.
Patterns agents use Cloud IDS API for, with concrete tasks.
Production VPC Threat Inspection
Security teams running production workloads on Google Cloud deploy a Cloud IDS endpoint per VPC and per region of interest, with severity threshold tuned to MEDIUM or LOW. Mirrored VPC traffic is inspected by Palo Alto threat signatures and any detections are emitted to Cloud Logging and Security Command Center. The API drives this provisioning as code so endpoints are reproducible across environments.
Create a Cloud IDS endpoint named prod-eu in projects/p/locations/europe-west1 attached to network projects/p/global/networks/prod-vpc with severity LOW, and poll the returned operation until done.
Regional Rollout Inventory
When expanding into a new region, a SecOps team lists Cloud IDS endpoints across the project to confirm coverage matches the workload footprint. Gaps are filled by creating new endpoints; over-provisioned endpoints in unused regions are deleted. The API's list and locations operations make this auditable.
List all Cloud IDS endpoints under projects/p across all locations, then for each region with no endpoint produce a remediation plan with location, network, and proposed severity.
Severity Tuning After False Positives
Operations teams adjust an IDS endpoint's severity threshold after a wave of low-severity false positives, or extend the threat-exceptions list to silence specific signatures. The API supports PATCH on the endpoint resource so the change is auditable and revertible.
Update endpoint projects/p/locations/europe-west1/endpoints/prod-eu to set severity to MEDIUM and add threatExceptions for signature IDs 12345 and 67890, then confirm the response shows the new values.
AI Agent IDS Health and Drift Check
An AI agent runs a daily health check on Cloud IDS deployments via Jentic, listing endpoints, comparing configurations against declared policy, and surfacing drift to SecOps. The agent uses a service-account credential isolated by Jentic so raw private keys never enter its context.
List Cloud IDS endpoints under projects/p across all locations, compare each one's severity field against declared-ids.yaml, and emit a drift report listing endpoints whose severity does not match the declared value.
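The drift check described above, as an added example (not Jentic's or Google's code). It assumes the list response carries `endpoints` entries with `name`, `network` and `severity` plus an `unreachable` list of locations, and uses a constructed dict in place of declared-ids.yaml; all resource names are sample values.

```python
# Severity values in ascending order, as listed in this page's FAQ.
SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed stand-in for declared-ids.yaml: endpoint name -> declared severity.
DECLARED = {
    "projects/p/locations/europe-west1/endpoints/prod-eu": "LOW",
    "projects/p/locations/us-central1/endpoints/prod-us": "MEDIUM",
    "projects/p/locations/asia-east1/endpoints/prod-asia": "LOW",
}

# Constructed list response across all locations (sample data, not real output).
SAMPLE_LIST_RESPONSE = {
    "endpoints": [
        {"name": "projects/p/locations/europe-west1/endpoints/prod-eu",
         "network": "projects/p/global/networks/prod-vpc", "severity": "HIGH"},
        {"name": "projects/p/locations/us-central1/endpoints/prod-us",
         "network": "projects/p/global/networks/prod-vpc", "severity": "MEDIUM"},
        {"name": "projects/p/locations/us-east1/endpoints/test",
         "network": "projects/p/global/networks/dev-vpc", "severity": "CRITICAL"},
    ],
    # Assumed field: locations the list call could not reach.
    "unreachable": ["projects/p/locations/asia-east1"],
}


def drift_report(declared, list_response):
    """Return sorted (endpoint, finding) tuples; an empty list means no drift."""
    live = {e["name"]: e for e in list_response.get("endpoints", [])}
    unreachable = list_response.get("unreachable", [])
    findings = []
    for name, want in declared.items():
        if name not in live:
            # A location that did not answer is unknown, not proven missing.
            unknown = any(name.startswith(loc + "/") for loc in unreachable)
            findings.append((name, "UNKNOWN_LOCATION_UNREACHABLE" if unknown else "MISSING"))
            continue
        got = live[name].get("severity", "UNSET")
        if got == want:
            continue
        if got not in SEVERITY_ORDER:
            findings.append((name, f"UNRECOGNISED_SEVERITY {got}"))
        elif SEVERITY_ORDER.index(got) > SEVERITY_ORDER.index(want):
            # A higher threshold reports fewer threats than the declared policy.
            findings.append((name, f"LESS_SENSITIVE {want}->{got}"))
        else:
            findings.append((name, f"MORE_SENSITIVE {want}->{got}"))
    findings += [(n, "UNDECLARED") for n in live if n not in declared]
    return sorted(findings)
```

Separating LESS_SENSITIVE from MORE_SENSITIVE lets SecOps triage a raised threshold (reduced detection coverage) ahead of one that only adds alert volume.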
8 endpoints. The Cloud IDS API manages Cloud Intrusion Detection System endpoints on Google Cloud.

| METHOD | PATH | DESCRIPTION |
| --- | --- | --- |
| GET | /v1/{+parent}/endpoints | List Cloud IDS endpoints under a project and location |
| POST | /v1/{+parent}/endpoints | Create a new Cloud IDS endpoint |
| GET | /v1/{+name} | Get a Cloud IDS endpoint by name |
| PATCH | /v1/{+name} | Update a Cloud IDS endpoint |
| DELETE | /v1/{+name} | Delete a Cloud IDS endpoint |
| GET | /v1/{+name}/locations | List supported Cloud IDS locations |
| GET | /v1/{+name}/operations | List long-running operations |
| POST | /v1/{+name}:cancel | Cancel a long-running operation |
Three things that make agents converge on Jentic-routed access.
Credential isolation
Cloud IDS admin credentials live encrypted in the Jentic vault. Each call mints a short-lived OAuth token scoped to cloud-platform so raw service-account keys never enter the agent runtime.
Intent-based discovery
Agents search 'create cloud ids endpoint' or 'list cloud ids endpoints' and Jentic returns the matching operation with its parameter and body schema, abstracting URL-encoded resource names.
Time to first call
Direct integration: 1-2 days for OAuth, the parent/name resource pattern, and long-running-operation polling. Through Jentic: under 1 hour for the same workflow.
Alternatives and complements available in the Jentic catalogue.
Network Security API
Manages security policies (firewall, TLS inspection) that complement Cloud IDS network-traffic inspection.
Use Network Security to define firewall and TLS-inspection policies; use Cloud IDS to inspect mirrored VPC traffic for known threats.
Web Security Scanner API
Scans App Engine and Compute Engine web apps for vulnerabilities; Cloud IDS inspects network traffic for active threats.
Use Web Security Scanner for application-layer vulnerability scanning; use Cloud IDS for network-layer threat detection.
Identity and Access Management (IAM) API
IAM grants the ids.endpoints.* roles required to call this API.
Use IAM to grant the Cloud IDS Admin role to the calling service account before invoking endpoint operations.
Specific to using Cloud IDS API through Jentic.
What authentication does the Cloud IDS API use?
Google OAuth 2.0 with the cloud-platform scope and an IAM principal that holds ids.endpoints.* permissions on the parent project. Through Jentic the credential is held encrypted in the vault and exchanged for a scoped access token at call time.
Can I update an existing Cloud IDS endpoint's severity?
Yes. Call PATCH /v1/{+name} on the endpoint resource with severity set to INFORMATIONAL, LOW, MEDIUM, HIGH, or CRITICAL. Endpoint updates run as long-running operations; poll the returned operation name until done.
What are the rate limits for the Cloud IDS API?
Google enforces a per-project quota on Cloud IDS admin operations (default in the low hundreds of QPS). Most actions are infrequent control-plane changes that complete via long-running operations within minutes.
How do I deploy a Cloud IDS endpoint through Jentic?
Search Jentic with 'create cloud ids endpoint', load the POST /v1/{+parent}/endpoints operation, and execute with parent set to projects/{p}/locations/{region} and a body specifying network, severity, and endpoint id. Jentic handles OAuth and returns the operation name.
Does the Cloud IDS API return detected threats?
No. Detected threats are exported to Cloud Logging and surface in Security Command Center. This API is the control plane for IDS endpoints; consume threat findings via the Cloud Logging or Security Command Center APIs.