Chronicle API

The Google Cloud Security Operations API (Chronicle API) provides endpoints that help analysts investigate and mitigate security threats throughout their lifecycle.

Service: chronicle.googleapis.com

Service endpoint

A service endpoint is the base URL that specifies the network address of an API service. A single service can have multiple service endpoints. Chronicle is a regional service and only supports regional endpoints. Requests sent to the global chronicle.googleapis.com endpoint will fail with a `404` error. To find your regional endpoint, see Regional service endpoint.

Regional service endpoint

A regional service endpoint is a base URL that specifies the network address of an API service in a single region. A service that is available in multiple regions might have multiple regional endpoints. Select a location to see its regional service endpoint for this service.


REST Resource: v1beta.projects.locations.instances

Methods
get GET /v1beta/{name}
Gets a Instance.

REST Resource: v1beta.projects.locations.instances.dataAccessLabels

Methods
create POST /v1beta/{parent}/dataAccessLabels
Creates a data access label.
delete DELETE /v1beta/{name}
Deletes a data access label.
get GET /v1beta/{name}
Gets a data access label.
list GET /v1beta/{parent}/dataAccessLabels
Lists all data access labels for the customer.
patch PATCH /v1beta/{dataAccessLabel.name}
Updates a data access label.

REST Resource: v1beta.projects.locations.instances.dataAccessScopes

Methods
create POST /v1beta/{parent}/dataAccessScopes
Creates a data access scope.
delete DELETE /v1beta/{name}
Deletes a data access scope.
get GET /v1beta/{name}
Retrieves an existing data access scope.
list GET /v1beta/{parent}/dataAccessScopes
Lists all existing data access scopes for the customer.
patch PATCH /v1beta/{dataAccessScope.name}
Updates a data access scope.

REST Resource: v1beta.projects.locations.instances.operations

Methods
cancel POST /v1beta/{name}:cancel
Starts asynchronous cancellation on a long-running operation.
delete DELETE /v1beta/{name}
Deletes a long-running operation.
get GET /v1beta/{name}
Gets the latest state of a long-running operation.
list GET /v1beta/{name}/operations
Lists operations that match the specified filter in the request.

REST Resource: v1beta.projects.locations.instances.referenceLists

Methods
create POST /v1beta/{parent}/referenceLists
Creates a new reference list.
get GET /v1beta/{name}
Gets a single reference list.
list GET /v1beta/{parent}/referenceLists
Lists a collection of reference lists.
patch PATCH /v1beta/{referenceList.name}
Updates an existing reference list.

REST Resource: v1beta.projects.locations.instances.rules

Methods
create POST /v1beta/{parent}/rules
Creates a new Rule.
delete DELETE /v1beta/{name}
Deletes a Rule.
get GET /v1beta/{name}
Gets a Rule.
getDeployment GET /v1beta/{name}
Gets a RuleDeployment.
list GET /v1beta/{parent}/rules
Lists Rules.
listRevisions GET /v1beta/{name}:listRevisions
Lists all revisions of the rule.
patch PATCH /v1beta/{rule.name}
Updates a Rule.
updateDeployment PATCH /v1beta/{ruleDeployment.name}
Updates a RuleDeployment.

REST Resource: v1beta.projects.locations.instances.rules.deployments

Methods
list GET /v1beta/{parent}/deployments
Lists RuleDeployments across all Rules.

REST Resource: v1beta.projects.locations.instances.rules.retrohunts

Methods
create POST /v1beta/{parent}/retrohunts
Create a Retrohunt.
get GET /v1beta/{name}
Get a Retrohunt.
list GET /v1beta/{parent}/retrohunts
List Retrohunts.

REST Resource: v1beta.projects.locations.instances.watchlists

Methods
create POST /v1beta/{parent}/watchlists
Creates a watchlist for the given instance.
delete DELETE /v1beta/{name}
Deletes the watchlist for the given instance.
get GET /v1beta/{name}
Gets watchlist details for the given watchlist ID.
list GET /v1beta/{parent}/watchlists
Lists all watchlists for the given instance.
patch PATCH /v1beta/{watchlist.name}
Updates the watchlist for the given instance.

REST Resource: v1alpha.projects.locations.instances

Methods
batchValidateWatchlistEntities POST /v1alpha/{parent}:batchValidateWatchlistEntities
Validates a batch of entities that could be added into watchlist under an instance.
computeAllFindingsRefinementActivities POST /v1alpha/{instance}:computeAllFindingsRefinementActivities
Returns findings refinement activity for all findings refinements.
continuePocGraduation POST /v1alpha/{name}:continuePocGraduation
ContinuePocGraduation verifies and proceeds graduation.
countAllCuratedRuleSetDetections POST /v1alpha/{instance}:countAllCuratedRuleSetDetections
Count detections across all curated rule sets.
createFeedback POST /v1alpha/{instance}:createFeedback
RPC to submit user feedback on content generated by AI services.
delete DELETE /v1alpha/{name}
DeleteInstance deletes an Instance.
extractSyslog POST /v1alpha/{instance}:extractSyslog
ExtractSyslog extracts structured part of log from a unstructured log by running a grok regex over it.
fetchFederationAccess GET /v1alpha/{name}:fetchFederationAccess
FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances.
findEntity GET /v1alpha/{instance}:findEntity
Identifies the entity type and retrieves relevant data associated with a specified indicator.
findEntityAlerts GET /v1alpha/{instance}:findEntityAlerts
Get alerts for an entity
findRelatedEntities GET /v1alpha/{instance}:findRelatedEntities
Finds all the entities associated with provided entity.
findUdmFieldValues GET /v1alpha/{instance}:findUdmFieldValues
Finds ingested UDM field values that match a query.
generateCollectionAgentAuth POST /v1alpha/{name}:generateCollectionAgentAuth
GenerateCollectionAgentAuth generates an auth json file for the collection agent.
generateSoarAuthJwt POST /v1alpha/{name}:generateSoarAuthJwt
GenerateSoarAuthJwt signs a jwt in order to proceed with jwt exchange based authenticate with soar.
generateSoarChatMessage POST /v1alpha/{instance}:generateSoarChatMessage
Generates a SOAR chat message based on the given intent.
generateUdmKeyValueMappings POST /v1alpha/{instance}:generateUdmKeyValueMappings
GenerateUDMKeyValueMappings generates key value mapping of a raw log.
generateWorkspaceConnectionToken POST /v1alpha/{name}:generateWorkspaceConnectionToken
Generates a token that can be used to connect a workspace customer to a chronicle instance
get GET /v1alpha/{name}
Gets a Instance.
getBigQueryExport GET /v1alpha/{name}
Get the BigQuery export configuration for a Chronicle instance.
getMultitenantDirectory GET /v1alpha/{name}
Gets the super and subtenants and gets the current tenant name.
getRiskConfig GET /v1alpha/{name}
Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score.
getThreatCollectionFilterSet GET /v1alpha/{name}
Get the set of threat collection filter options.
graduatePocInstance POST /v1alpha/{name}:graduatePocInstance
GraduatePocInstance graduates an instance.
legacyCaseFederationPlatforms GET /v1alpha/{parent}/legacyCaseFederationPlatforms
Legacy endpoint for listing case federation platforms.
legacySystemMetadata GET /v1alpha/{instance}/legacySystemMetadata
Legacy Get System Metadata.
listAllFindingsRefinementDeployments GET /v1alpha/{instance}:listAllFindingsRefinementDeployments
Lists all findings refinement deployments.
patch PATCH /v1alpha/{instance.name}
Updates an Instance.
queryProductSourceStats GET /v1alpha/{instance}:queryProductSourceStats
Gets available product sources along with their stats.
searchEntities GET /v1alpha/{instance}:searchEntities
Identifies the entity type and retrieves relevant data associated with a specified indicator.
searchRawLogs POST /v1alpha/{instance}:searchRawLogs
Api to get events, entities, or unparsed raw logs matching the given raw log query.
submitResponseFeedback POST /v1alpha/{instance}:submitResponseFeedback
Submits a Response Feedback.
summarizeEntitiesFromQuery GET /v1alpha/{instance}:summarizeEntitiesFromQuery
Parses the query and identifies the entities contained within the search query.
summarizeEntity GET /v1alpha/{instance}:summarizeEntity
Returns all entity data over specified time.
testFindingsRefinement POST /v1alpha/{instance}:testFindingsRefinement
Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created.
translateUdmQuery POST /v1alpha/{instance}:translateUdmQuery
Translate natural language to a UDM Search query.
translateYlRule POST /v1alpha/{instance}:translateYlRule
Translate natural language to a Yara-L rule.
udmSearch GET /v1alpha/{instance}:udmSearch
Performs a UDM search that returns matching events for the query.
undelete POST /v1alpha/{name}:undelete
UndeleteInstance undeletes a soft-deleted Instance.
updateBigQueryExport PATCH /v1alpha/{bigQueryExport.name}
Update the BigQuery export configuration for a Chronicle instance.
updateRiskConfig PATCH /v1alpha/{riskConfig.name}
Updates RiskConfig used for the computation of Entity Risk Score.
validateQuery GET /v1alpha/{instance}:validateQuery
Validates UDM search query by compiling the query.
verifyNonce POST /v1alpha/{name}:verifyNonce
Verifies the nonce used to graduate an instance.
verifyReferenceList POST /v1alpha/{instance}:verifyReferenceList
VerifyReferenceList validates list content and returns line errors, if any.
verifyRuleText POST /v1alpha/{instance}:verifyRuleText
Verifies the given rule text.

REST Resource: v1alpha.projects.locations.instances.alertGroupingRules

Methods
create POST /v1alpha/{parent}/alertGroupingRules
Create a AlertGroupingRule.
delete DELETE /v1alpha/{name}
Delete a AlertGroupingRule.
get GET /v1alpha/{name}
Get a AlertGroupingRule.
list GET /v1alpha/{parent}/alertGroupingRules
List page of AlertGroupingRules.
patch PATCH /v1alpha/{alertGroupingRule.name}
Update a AlertGroupingRule.

REST Resource: v1alpha.projects.locations.instances.analytics

Methods
list GET /v1alpha/{parent}/analytics
Lists all supported analytics for APIs which can filter by analytic type, such as ListAnalyticValues.

REST Resource: v1alpha.projects.locations.instances.analytics.entities.analyticValues

Methods
list GET /v1alpha/{parent}/analyticValues
Lists analytic values.

REST Resource: v1alpha.projects.locations.instances.announcements

Methods
create POST /v1alpha/{parent}/announcements
Create an Announcement.
delete DELETE /v1alpha/{name}
Delete an Announcement.
get GET /v1alpha/{name}
Get an Announcement.
list GET /v1alpha/{parent}/announcements
List page of Announcements.
patch PATCH /v1alpha/{announcement.name}
Update an Announcement.

REST Resource: v1alpha.projects.locations.instances.bigQueryAccess

Methods
provide POST /v1alpha/{parent}/bigQueryAccess:provide
Provide BigQuery access for the given email.

REST Resource: v1alpha.projects.locations.instances.bigQueryExport

Methods
provision POST /v1alpha/{parent}/bigQueryExport:provision
Provision the BigQuery export for a Chronicle instance.

REST Resource: v1alpha.projects.locations.instances.caseCloseDefinitions

Methods
create POST /v1alpha/{parent}/caseCloseDefinitions
Creates a CaseCloseDefinition.
delete DELETE /v1alpha/{name}
Deletes a CaseCloseDefinition.
get GET /v1alpha/{name}
Gets a CaseCloseDefinition.
list GET /v1alpha/{parent}/caseCloseDefinitions
Lists CaseCloseDefinitions.
patch PATCH /v1alpha/{caseCloseDefinition.name}
Updates a CaseCloseDefinition.

REST Resource: v1alpha.projects.locations.instances.caseQueueFilters

Methods
create POST /v1alpha/{parent}/caseQueueFilters
Create a CaseQueueFilter.
delete DELETE /v1alpha/{name}
Delete a CaseQueueFilter.
get GET /v1alpha/{name}
Get a CaseQueueFilter.
getShareConfig GET /v1alpha/{name}
Get a ShareConfig.
list GET /v1alpha/{parent}/caseQueueFilters
Lists CaseQueueFilters.
patch PATCH /v1alpha/{caseQueueFilter.name}
Update a CaseQueueFilter.
updateShareConfig PATCH /v1alpha/{shareConfig.name}
Update a ShareConfig.

REST Resource: v1alpha.projects.locations.instances.caseStageDefinitions

Methods
create POST /v1alpha/{parent}/caseStageDefinitions
Create a stages available for case management.
delete DELETE /v1alpha/{name}
Delete a stages available for case management.
get GET /v1alpha/{name}
Get specific stage available for case management.
list GET /v1alpha/{parent}/caseStageDefinitions
Lists all stages available for case management.
patch PATCH /v1alpha/{caseStageDefinition.name}
Update a stages available for case management.

REST Resource: v1alpha.projects.locations.instances.caseTagDefinitions

Methods
create POST /v1alpha/{parent}/caseTagDefinitions
Create a CaseTagDefinition.
delete DELETE /v1alpha/{name}
Delete a CaseTagDefinition.
get GET /v1alpha/{name}
Get a CaseTagDefinition.
import POST /v1alpha/{parent}/caseTagDefinitions:import
Import CaseTagDefinitions.
list GET /v1alpha/{parent}/caseTagDefinitions
Lists CaseTagDefinitions.
patch PATCH /v1alpha/{caseTagDefinition.name}
Update a CaseTagDefinition.

REST Resource: v1alpha.projects.locations.instances.cases

Methods
addTag POST /v1alpha/{name}:addTag
Add a case tag.
countPriorities GET /v1alpha/{parent}/cases:countPriorities
Count a selection of cases by priority.
createInsight POST /v1alpha/{name}:createInsight
Add a case insight.
executeBulkAddTag POST /v1alpha/{parent}/cases:executeBulkAddTag
Add cases tags in bulk.
executeBulkAssign POST /v1alpha/{parent}/cases:executeBulkAssign
Assign cases in bulk.
executeBulkChangePriority POST /v1alpha/{parent}/cases:executeBulkChangePriority
Change cases priority in bulk.
executeBulkChangeStage POST /v1alpha/{parent}/cases:executeBulkChangeStage
Add cases stage in bulk.
executeBulkClose POST /v1alpha/{parent}/cases:executeBulkClose
Close cases in bulk.
executeBulkReopen POST /v1alpha/{parent}/cases:executeBulkReopen
Reopen cases in bulk.
generateReport POST /v1alpha/{name}:generateReport
Generate case report.
get GET /v1alpha/{name}
Get a case.
getCaseOverviewData GET /v1alpha/{name}:caseOverviewData
Get case overview.
list GET /v1alpha/{parent}/cases
Lists cases.
merge POST /v1alpha/{parent}/cases:merge
Merge cases.
patch PATCH /v1alpha/{case.name}
Update a case.
pauseSla POST /v1alpha/{name}:pauseSla
Pause case SLA.
removeTag POST /v1alpha/{name}:removeTag
Remove a case tag.
resolveOverviewWidget GET /v1alpha/{name}:resolveOverviewWidget
Resolve case overview widget.
resumeSla POST /v1alpha/{name}:resumeSla
Resume case SLA.

REST Resource: v1alpha.projects.locations.instances.cases.alerts.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
The method clears all context-properties set on a specific context.
create POST /v1alpha/{parent}/contextProperties
Create a context-property.
delete DELETE /v1alpha/{name}
Delete a context-property.
get GET /v1alpha/{name}
Get a context-property.
list GET /v1alpha/{parent}/contextProperties
List context-properties.
patch PATCH /v1alpha/{contextProperty.name}
Update a context-property.

REST Resource: v1alpha.projects.locations.instances.cases.alerts.customFieldValues

Methods
batchUpdate POST /v1alpha/{parent}/customFieldValues:batchUpdate
Batch update CustomFieldValues.
get GET /v1alpha/{name}
Get a CustomFieldValue.
list GET /v1alpha/{parent}/customFieldValues
Lists CustomFieldValues.
patch PATCH /v1alpha/{customFieldValue.name}
Update a CustomFieldValue.

REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts

Methods
get GET /v1alpha/{name}
Get a CaseAlert.
getAlertOverviewData GET /v1alpha/{name}:alertOverviewData
Get alert overview.
list GET /v1alpha/{parent}/caseAlerts
List CaseAlerts.
move POST /v1alpha/{name}:move
Move CaseAlert to a different case.
patch PATCH /v1alpha/{caseAlert.name}
Update a CaseAlert.
pauseSla POST /v1alpha/{name}:pauseSla
Pause a CaseAlert SLA.
resolveOverviewWidget GET /v1alpha/{name}:resolveOverviewWidget
Resolve alert overview widget.
resumeSla POST /v1alpha/{name}:resumeSla
Resume a CaseAlert SLA.
setSla POST /v1alpha/{name}:setSla
Set CaseAlert SLA.

REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts.connectorEvents

Methods
get GET /v1alpha/{name}
Get a ConnectorEvent.
getFormatted GET /v1alpha/{parent}/connectorEvents:formatted
Get a formatted ConnectorEvents for a given case/alert.
list GET /v1alpha/{parent}/connectorEvents
List page of ConnectorEvents.

REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts.involvedEntities

Methods
addProperty POST /v1alpha/{name}:addProperty
Add a property to an InvolvedEntity.
create POST /v1alpha/{parent}/involvedEntities
Create an InvolvedEntity.
fetchCards GET /v1alpha/{parent}/involvedEntities:fetchCards
Fetch invloved entities cards.
get GET /v1alpha/{name}
Get an InvolvedEntity.
list GET /v1alpha/{parent}/involvedEntities
Lists InvolvedEntities.
patch PATCH /v1alpha/{involvedEntity.name}
Update an InvolvedEntity.
updateProperty POST /v1alpha/{name}:updateProperty
Update a property of an InvolvedEntity.

REST Resource: v1alpha.projects.locations.instances.cases.caseComments

Methods
create POST /v1alpha/{parent}/caseComments
Create a CaseComment.
delete DELETE /v1alpha/{name}
Delete a CaseComment.
get GET /v1alpha/{name}
Get a CaseComment.
list GET /v1alpha/{parent}/caseComments
Lists CaseComments.
patch PATCH /v1alpha/{caseComment.name}
Update a CaseComment.

REST Resource: v1alpha.projects.locations.instances.cases.caseWallRecords

Methods
favorite PATCH /v1alpha/{favoriteRequest.name}:favorite
Set a wall item as a favorite one.
fetchActivitiesCount GET /v1alpha/{parent}/caseWallRecords:fetchActivitiesCount
Fetches the count of activities for a given type.
get GET /v1alpha/{name}
Get a CaseWallRecord.
list GET /v1alpha/{parent}
Lists CaseWallRecords.

REST Resource: v1alpha.projects.locations.instances.cases.chatMessages

Methods
create POST /v1alpha/{parent}/chatMessages
Creates a Case-chat message.
get GET /v1alpha/{name}
Gets a Case-chat message.
list GET /v1alpha/{parent}/chatMessages
Lists all Case-chat messages for a given case.
pinMessage POST /v1alpha/{name}:pinMessage
Pins a Case-chat message to the case wall.
unpinMessage POST /v1alpha/{name}:unpinMessage
Unpins a Case-chat message from the case wall.
upload POST /v1alpha/{parent}/chatMessages:createWithAttachment
POST /upload/v1alpha/{parent}/chatMessages:createWithAttachment
Creates a Case-chat message with an attachment.

REST Resource: v1alpha.projects.locations.instances.cases.chatMessages.attachments

Methods
download GET /v1alpha/{name}:download
Downloads a Case-chat message attachment.

REST Resource: v1alpha.projects.locations.instances.cases.chatMessages.legacySoarUsers

Methods
unreadMessagesCount GET /v1alpha/{parent}:unreadMessagesCount
Gets the amount of unread messages for current user

REST Resource: v1alpha.projects.locations.instances.cases.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
The method clears all context-properties set on a specific context.
create POST /v1alpha/{parent}/contextProperties
Create a context-property.
delete DELETE /v1alpha/{name}
Delete a context-property.
get GET /v1alpha/{name}
Get a context-property.
list GET /v1alpha/{parent}/contextProperties
List context-properties.
patch PATCH /v1alpha/{contextProperty.name}
Update a context-property.

REST Resource: v1alpha.projects.locations.instances.cases.customFieldValues

Methods
batchUpdate POST /v1alpha/{parent}/customFieldValues:batchUpdate
Batch update CustomFieldValues.
get GET /v1alpha/{name}
Get a CustomFieldValue.
list GET /v1alpha/{parent}/customFieldValues
Lists CustomFieldValues.
patch PATCH /v1alpha/{customFieldValue.name}
Update a CustomFieldValue.

REST Resource: v1alpha.projects.locations.instances.contentHub.contentPacks

Methods
add POST /v1alpha/{parent}:add
Create a ContentPack.
alignPlaybooks POST /v1alpha/{name}:alignPlaybooks
Align Playbooks from a Content Pack.
delete DELETE /v1alpha/{name}
Delete a ContentPack.
deployConnectorInstances POST /v1alpha/{name}:deployConnectorInstances
Install Connector Instances from a Content Pack.
deployPlaybooks POST /v1alpha/{name}:deployPlaybooks
Install Playbooks from a Content Pack.
deployTestCases POST /v1alpha/{name}:deployTestCases
Install test cases.
download GET /v1alpha/{name}:exportPack
Export Content Pack.
get GET /v1alpha/{name}
Get a ContentPack.
installIntegration POST /v1alpha/{name}:installIntegration
Install integration.
list GET /v1alpha/{parent}
Lists ContentPacks.
markAsDeployed POST /v1alpha/{name}:markAsDeployed
Mark Content Pack as deployed.
upload POST /v1alpha/{parent}/contentPacks:importPack
POST /upload/v1alpha/{parent}/contentPacks:importPack
Import Content Pack.

REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentNativeDashboards

Methods
get GET /v1alpha/{name}
Get a native dashboard featured content.
install POST /v1alpha/{name}:install
Install a native dashboard featured content.
list GET /v1alpha/{parent}/featuredContentNativeDashboards
List all native dashboards featured content.

REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentRules

Methods
list GET /v1alpha/{parent}/featuredContentRules
Lists FeaturedContentRules

REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentSearchQueries

Methods
get GET /v1alpha/{name}
Get a search featured content.
installFeaturedContentSearchQuery POST /v1alpha/{name}
Install a search featured content.
list GET /v1alpha/{parent}/featuredContentSearchQueries
List all searches featured content.

REST Resource: v1alpha.projects.locations.instances.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
The method clears all context-properties set on a specific context.
create POST /v1alpha/{parent}/contextProperties
Create a context-property.
delete DELETE /v1alpha/{name}
Delete a context-property.
get GET /v1alpha/{name}
Get a context-property.
list GET /v1alpha/{parent}/contextProperties
List context-properties.
patch PATCH /v1alpha/{contextProperty.name}
Update a context-property.

REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories

Methods
get GET /v1alpha/{name}
Gets a CuratedRuleSetCategory.
list GET /v1alpha/{parent}/curatedRuleSetCategories
Lists CuratedRuleSetCategories.

REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories.curatedRuleSets

Methods
countCuratedRuleSetDetections POST /v1alpha/{name}:countCuratedRuleSetDetections
Counts the detections generated by a CuratedRuleSet.
get GET /v1alpha/{name}
Gets a CuratedRuleSet.
list GET /v1alpha/{parent}/curatedRuleSets
Lists CuratedRuleSets.

REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories.curatedRuleSets.curatedRuleSetDeployments

Methods
batchUpdate POST /v1alpha/{parent}/curatedRuleSetDeployments:batchUpdate
Update multiple deployments of curated rule sets.
get GET /v1alpha/{name}
Get a deployment of a curated rule set.
list GET /v1alpha/{parent}/curatedRuleSetDeployments
Lists deployments for a curated rule set.
patch PATCH /v1alpha/{curatedRuleSetDeployment.name}
Update a deployment of a curated rule set.

REST Resource: v1alpha.projects.locations.instances.curatedRules

Methods
get GET /v1alpha/{name}
Gets a CuratedRule.
list GET /v1alpha/{parent}/curatedRules
Lists CuratedRules.

REST Resource: v1alpha.projects.locations.instances.customFields

Methods
batchGet GET /v1alpha/{parent}/customFields:batchGet
Batch gets multiple CustomFields.
create POST /v1alpha/{parent}/customFields
Create a CustomField.
delete DELETE /v1alpha/{name}
Delete a CustomField.
get GET /v1alpha/{name}
Get a CustomField.
list GET /v1alpha/{parent}/customFields
Lists custom fields.
patch PATCH /v1alpha/{customField.name}
Update a CustomField.

REST Resource: v1alpha.projects.locations.instances.customLists

Methods
batchDelete POST /v1alpha/{parent}/customLists:batchDelete
Batch delete custom lists by custom lists names.
create POST /v1alpha/{parent}/customLists
Create a CustomList.
delete DELETE /v1alpha/{name}
Delete a custom list.
export POST /v1alpha/{parent}/customLists:export
Export custom lists by custom lists names.
get GET /v1alpha/{name}
Get a CustomList.
import POST /v1alpha/{parent}/customLists:import
Import custom lists from CSV file.
list GET /v1alpha/{parent}/customLists
List all CustomLists.
patch PATCH /v1alpha/{customList.name}
Update a CustomList.

REST Resource: v1alpha.projects.locations.instances.dashboardCharts

Methods
batchGet GET /v1alpha/{parent}/dashboardCharts:batchGet
Get dashboard charts in batches.
get GET /v1alpha/{name}
Get a dashboard chart.

REST Resource: v1alpha.projects.locations.instances.dashboardQueries

Methods
execute POST /v1alpha/{parent}/dashboardQueries:execute
Execute a query and return the data.
get GET /v1alpha/{name}
Get a dashboard query.

REST Resource: v1alpha.projects.locations.instances.dashboards

Methods
copy POST /v1alpha/{name}:copy
Copy a dashboard of one type to a dashbooard of another type.
create POST /v1alpha/{parent}/dashboards
Create a dashboard.
delete DELETE /v1alpha/{name}
Delete a dashboard.
get GET /v1alpha/{name}
Get a dashboard.
list GET /v1alpha/{parent}/dashboards
List all dashboards.

REST Resource: v1alpha.projects.locations.instances.dataAccessLabels

Methods
create POST /v1alpha/{parent}/dataAccessLabels
Creates a data access label.
delete DELETE /v1alpha/{name}
Deletes a data access label.
get GET /v1alpha/{name}
Gets a data access label.
list GET /v1alpha/{parent}/dataAccessLabels
Lists all data access labels for the customer.
patch PATCH /v1alpha/{dataAccessLabel.name}
Updates a data access label.

REST Resource: v1alpha.projects.locations.instances.dataAccessScopes

Methods
create POST /v1alpha/{parent}/dataAccessScopes
Creates a data access scope.
delete DELETE /v1alpha/{name}
Deletes a data access scope.
get GET /v1alpha/{name}
Retrieves an existing data access scope.
list GET /v1alpha/{parent}/dataAccessScopes
Lists all existing data access scopes for the customer.
patch PATCH /v1alpha/{dataAccessScope.name}
Updates a data access scope.

REST Resource: v1alpha.projects.locations.instances.dataExports

Methods
cancel POST /v1alpha/{name}:cancel
Cancels a DataExport.
create POST /v1alpha/{parent}/dataExports
Creates a new DataExport.
fetchavailablelogtypes POST /v1alpha/{parent}/dataExports:fetchavailablelogtypes
Fetches available log types for export.
get GET /v1alpha/{name}
Gets a DataExport.

REST Resource: v1alpha.projects.locations.instances.dataTableOperationErrors

Methods
get GET /v1alpha/{name}
Get the error for a data table operation.

REST Resource: v1alpha.projects.locations.instances.dataTables

Methods
create POST /v1alpha/{parent}/dataTables
Create a new data table.
delete DELETE /v1alpha/{name}
Delete data table.
get GET /v1alpha/{name}
Get data table info.
list GET /v1alpha/{parent}/dataTables
List data tables.
patch PATCH /v1alpha/{dataTable.name}
Update data table.
upload POST /v1alpha/{parent}/dataTables:bulkCreateDataTableAsync
POST /upload/v1alpha/{parent}/dataTables:bulkCreateDataTableAsync
Create data table from a bulk file.

REST Resource: v1alpha.projects.locations.instances.dataTables.dataTableRows

Methods
bulkCreate POST /v1alpha/{parent}/dataTableRows:bulkCreate
Create data table rows in bulk.
bulkCreateAsync POST /v1alpha/{parent}/dataTableRows:bulkCreateAsync
Create data table rows in bulk asynchronously.
bulkGet POST /v1alpha/{parent}/dataTableRows:bulkGet
Get data table rows in bulk.
bulkReplace POST /v1alpha/{parent}/dataTableRows:bulkReplace
Replace all existing data table rows with new data table rows.
bulkReplaceAsync POST /v1alpha/{parent}/dataTableRows:bulkReplaceAsync
Replace all existing data table rows with new data table rows asynchronously.
bulkUpdate POST /v1alpha/{parent}/dataTableRows:bulkUpdate
Update data table rows in bulk.
bulkUpdateAsync POST /v1alpha/{parent}/dataTableRows:bulkUpdateAsync
Update data table rows in bulk asynchronously.
create POST /v1alpha/{parent}/dataTableRows
Create a new data table row.
delete DELETE /v1alpha/{name}
Delete data table row.
get GET /v1alpha/{name}
Get data table row
list GET /v1alpha/{parent}/dataTableRows
List data table rows.
patch PATCH /v1alpha/{dataTableRow.name}
Update data table row

REST Resource: v1alpha.projects.locations.instances.dataTaps

Methods
create POST /v1alpha/{parent}/dataTaps
Creates a DataTap.
delete DELETE /v1alpha/{name}
Deletes a DataTap.
get GET /v1alpha/{name}
Gets a DataTap.
list GET /v1alpha/{parent}/dataTaps
Lists DataTaps.
patch PATCH /v1alpha/{dataTap.name}
Updates a DataTap.

REST Resource: v1alpha.projects.locations.instances.dynamicParameters

Methods
create POST /v1alpha/{parent}/dynamicParameters
Create a DynamicParameter.
delete DELETE /v1alpha/{name}
Delete a DynamicParameter.
export POST /v1alpha/{parent}/dynamicParameters:export
Export all DynamicParameters.
get GET /v1alpha/{name}
Get a DynamicParameter.
import POST /v1alpha/{parent}/dynamicParameters:import
Import DynamicParameters.
list GET /v1alpha/{parent}/dynamicParameters
Lists DynamicParameters.
patch PATCH /v1alpha/{dynamicParameter.name}
Update a DynamicParameter.

REST Resource: v1alpha.projects.locations.instances.emailTemplates

Methods
batchDelete POST /v1alpha/{parent}/emailTemplates:batchDelete
Batch delete email templates.
create POST /v1alpha/{parent}/emailTemplates
Creates an EmailTemplate for a given instance.
delete DELETE /v1alpha/{name}
Deletes an EmailTemplate for a given instance.
export POST /v1alpha/{parent}/emailTemplates:export
Export email templates as file stream.
get GET /v1alpha/{name}
Gets an EmailTemplate by name.
import POST /v1alpha/{parent}/emailTemplates:import
Import email templates from file stream.
list GET /v1alpha/{parent}/emailTemplates
Lists all EmailTemplates for a given instance.
patch PATCH /v1alpha/{emailTemplate.name}
Updates an EmailTemplate for a given instance.

REST Resource: v1alpha.projects.locations.instances.enrichmentControls

Methods
create POST /v1alpha/{parent}/enrichmentControls
Create an EnrichmentControl resource.
delete DELETE /v1alpha/{name}
Delete an EnrichmentControl.
get GET /v1alpha/{name}
Get an EnrichmentControl.
list GET /v1alpha/{parent}/enrichmentControls
List all EnrichmentControls.

REST Resource: v1alpha.projects.locations.instances.entities

Methods
get GET /v1alpha/{name}
Gets an entity by name.
import POST /v1alpha/{parent}/entities:import
ImportEntities import the entities.
modifyEntityRiskScore POST /v1alpha/{name}:modifyEntityRiskScore
Modify base entity risk score for an entity.
queryEntityRiskScoreModifications GET /v1alpha/{name}:queryEntityRiskScoreModifications
Query modifications to base entity risk score for an entity.

REST Resource: v1alpha.projects.locations.instances.entitiesBlocklists

Methods
create POST /v1alpha/{parent}/entitiesBlocklists
Create a EntitiesBlocklist.
delete DELETE /v1alpha/{name}
Delete a EntitiesBlocklist.
get GET /v1alpha/{name}
Get a EntitiesBlocklist.
list GET /v1alpha/{parent}/entitiesBlocklists
List page of EntitiesBlocklists.
patch PATCH /v1alpha/{entitiesBlocklist.name}
Update a EntitiesBlocklist.

REST Resource: v1alpha.projects.locations.instances.entityRiskScores

Methods
query GET /v1alpha/{instance}/entityRiskScores:query
Queries the instance for EntityRiskScores.

REST Resource: v1alpha.projects.locations.instances.environmentGroups

Methods
create POST /v1alpha/{parent}/environmentGroups
Create an EnvironmentGroup.
delete DELETE /v1alpha/{name}
Delete an EnvironmentGroup.
get GET /v1alpha/{name}
Get an EnvironmentGroup.
list GET /v1alpha/{parent}/environmentGroups
List EnvironmentGroups.
patch PATCH /v1alpha/{environmentGroup.name}
Update an EnvironmentGroup.

REST Resource: v1alpha.projects.locations.instances.environments

Methods
create POST /v1alpha/{parent}/environments
Creates a Environment.
delete DELETE /v1alpha/{name}
Deletes a Environment.
get GET /v1alpha/{name}
Gets a Environment.
list GET /v1alpha/{parent}/environments
Lists Environments.
patch PATCH /v1alpha/{environment.name}
Updates a Environment.
resetWeights POST /v1alpha/{name}/environments:resetWeights
Reset weights of all environments.

REST Resource: v1alpha.projects.locations.instances.errorNotificationConfigs

Methods
create POST /v1alpha/{parent}/errorNotificationConfigs
Creates a new error notification config for the customer
delete DELETE /v1alpha/{name}
Deletes an error notification config.
get GET /v1alpha/{name}
Gets a single error notification config.
list GET /v1alpha/{parent}/errorNotificationConfigs
Lists error notification configurations for the customer.
patch PATCH /v1alpha/{errorNotificationConfig.name}
Updates an error notification config.

REST Resource: v1alpha.projects.locations.instances.events

Methods
batchGet GET /v1alpha/{parent}/events:batchGet
Gets a batch (list) of events given a list of names and a parent.
get GET /v1alpha/{name}
Gets an event given a name.
import POST /v1alpha/{parent}/events:import
ImportEvents import the events.

REST Resource: v1alpha.projects.locations.instances.federationGroups

Methods
create POST /v1alpha/{parent}/federationGroups
CreateFederationGroup method creates a new Federation group.
delete DELETE /v1alpha/{name}
DeleteFederationGroup method deletes a Federation group.
get GET /v1alpha/{name}
GetFederationGroup method gets a Federation group.
list GET /v1alpha/{parent}/federationGroups
ListFederationGroups method lists all Federation groups.
patch PATCH /v1alpha/{federationGroup.name}
UpdateFederationGroup method updates a Federation group.

REST Resource: v1alpha.projects.locations.instances.feedPacks

Methods
get GET /v1alpha/{name}
Gets a feed pack.
list GET /v1alpha/{parent}/feedPacks
Lists Packs for which feeds can be configured.

REST Resource: v1alpha.projects.locations.instances.feedServiceAccounts

Methods
fetchServiceAccountForCustomer GET /v1alpha/{parent}/feedServiceAccounts:fetchServiceAccountForCustomer
Fetch Chronicle's service account used for ingesting data from Cloud Storage buckets.

REST Resource: v1alpha.projects.locations.instances.feedSourceTypeSchemas

Methods
list GET /v1alpha/{parent}/feedSourceTypeSchemas
List all FeedSourceTypeSchemas.

REST Resource: v1alpha.projects.locations.instances.feedSourceTypeSchemas.logTypeSchemas

Methods
list GET /v1alpha/{parent}/logTypeSchemas
List all LogTypeSchemas compatible with a given FeedSourceType.

REST Resource: v1alpha.projects.locations.instances.feeds

Methods
create POST /v1alpha/{parent}/feeds
Creates a feed.
delete DELETE /v1alpha/{name}
Deletes a feed.
disable POST /v1alpha/{name}:disable
Disable feed for ingestion.
enable POST /v1alpha/{name}:enable
Enable feed for ingestion.
generateSecret POST /v1alpha/{name}:generateSecret
Generates a new secret for https push feeds which do not support jwt tokens.
get GET /v1alpha/{name}
Gets a feed.
importPushLogs POST /v1alpha/{parent}:importPushLogs
Import logs coming from https push feeds.
list GET /v1alpha/{parent}/feeds
Lists all feeds for the customer.
patch PATCH /v1alpha/{feed.name}
Updates the full feed.
scheduleTransfer POST /v1alpha/{name}:scheduleTransfer
Schedules a feed transfer for the feed.

REST Resource: v1alpha.projects.locations.instances.findingsGraph

Methods
exploreNode GET /v1alpha/{name}:exploreNode
Explores a node to find related nodes if it is an IndividualNode or retrieve the individual nodes within the group if it is a GroupNode and return a graph composed by the nodes and their edges over a time range.
initializeGraph GET /v1alpha/{name}:initializeGraph
Initialize a graph from a resource such as a detection or an entity.

REST Resource: v1alpha.projects.locations.instances.findingsRefinements

Methods
computeFindingsRefinementActivity POST /v1alpha/{name}:computeFindingsRefinementActivity
Returns findings refinement activity for a specific findings refinement.
create POST /v1alpha/{parent}/findingsRefinements
Creates a new findings refinement.
get GET /v1alpha/{name}
Gets a single findings refinement.
getDeployment GET /v1alpha/{name}
Gets a findings refinement deployment.
list GET /v1alpha/{parent}/findingsRefinements
Lists a collection of findings refinements.
patch PATCH /v1alpha/{findingsRefinement.name}
Updates a findings refinement.
updateDeployment PATCH /v1alpha/{findingsRefinementDeployment.name}
Updates a findings refinement deployment.

REST Resource: v1alpha.projects.locations.instances.forwarders

Methods
create POST /v1alpha/{parent}/forwarders
Create a forwarder.
delete DELETE /v1alpha/{name}
Delete a forwarder by forwarder ID.
generateForwarderFiles GET /v1alpha/{name}:generateForwarderFiles
Generates a forwarder's configuration files.
get GET /v1alpha/{name}
Get a forwarder by forwarder ID.
importStatsEvents POST /v1alpha/{name}:importStatsEvents
ImportStatsEvents imports stats events from a forwarder.
list GET /v1alpha/{parent}/forwarders
List all forwarders for the instance.
patch PATCH /v1alpha/{forwarder.name}
Update a forwarder.

REST Resource: v1alpha.projects.locations.instances.forwarders.collectors

Methods
create POST /v1alpha/{parent}/collectors
Create a collector.
delete DELETE /v1alpha/{name}
Delete a collector by collector ID.
get GET /v1alpha/{name}
Get a collector by collector ID.
list GET /v1alpha/{parent}/collectors
List all collectors for the forwarder.
patch PATCH /v1alpha/{collector.name}
Update a collector.

REST Resource: v1alpha.projects.locations.instances.ingestionLogLabels

Methods
list GET /v1alpha/{parent}/ingestionLogLabels
Returns the ingestion log labels for the customer.

REST Resource: v1alpha.projects.locations.instances.ingestionLogNamespaces

Methods
list GET /v1alpha/{parent}/ingestionLogNamespaces
Lists ingestion log namespaces for the customer.

REST Resource: v1alpha.projects.locations.instances.integrations

Methods
create POST /v1alpha/{parent}/integrations
Create a SOAR Integration.
delete DELETE /v1alpha/{name}
Deletes a SOAR Integration.
download GET /v1alpha/{name}:exportItems
Export items from existing integration to a zipped folder.
downloadDependency POST /v1alpha/{name}:downloadDependency
Download integration dependency.
fetchAffectedItems GET /v1alpha/{name}:fetchAffectedItems
Get items that can be affected due to a change in the integration (for example, removal of the integration).
fetchAgentIntegrations GET /v1alpha/{parent}:fetchAgentIntegrations
Get the integrations that are installed on a specific agent.
fetchCommercialDiff GET /v1alpha/{name}:fetchCommercialDiff
Get a diff between the current integration and the matching commercial integration from the store
fetchDependencies GET /v1alpha/{name}:fetchDependencies
List all of the downloaded dependencies of a custom integration.
fetchRestrictedAgents GET /v1alpha/{name}:fetchRestrictedAgents
Returns a list of all agents that an integration update should be restricted on, due to possible incompatibility, such as: unsupported Python version.
get GET /v1alpha/{name}
Get a SOAR Integration.
getFetchProductionDiff GET /v1alpha/{name}:fetchProductionDiff
Get a diff between the current staging integration and the matching production integration
getFetchStagingDiff GET /v1alpha/{name}:fetchStagingDiff
Get a diff between the current production integration and the matching staging
list GET /v1alpha/{parent}/integrations
Lists SOAR Integrations.
patch PATCH /v1alpha/{integration.name}
Updates a SOAR Integration.
pushToProduction POST /v1alpha/{name}:pushToProduction
Push an integration from Staging to Production mode.
pushToStaging POST /v1alpha/{name}:pushToStaging
Push an integration from Production to Staging mode.
upload POST /v1alpha/{parent}/integrations:extractIntegrationDetails
POST /upload/v1alpha/{parent}/integrations:extractIntegrationDetails
Get the zip file content before importing an integration to the system

REST Resource: v1alpha.projects.locations.instances.integrations.actions

Methods
create POST /v1alpha/{parent}/actions
CreateIntegrationAction creates a IntegrationAction.
delete DELETE /v1alpha/{name}
DeleteIntegrationAction deletes a IntegrationAction.
executeTest POST /v1alpha/{name}:executeTest
Executes a test on a action definition script.
fetchActionsByEnvironment GET /v1alpha/{parent}/actions:fetchActionsByEnvironment
Fetch actions by environment.
fetchTemplate GET /v1alpha/{parent}/actions:fetchTemplate
Fetches the default action template, mainly used for obtaining the default script allowing quick start.
get GET /v1alpha/{name}
GetIntegrationAction gets a IntegrationAction.
list GET /v1alpha/{parent}/actions
ListIntegrationActions lists IntegrationActions.
patch PATCH /v1alpha/{integrationAction.name}
UpdateIntegrationAction updates a IntegrationAction.

REST Resource: v1alpha.projects.locations.instances.integrations.actions.revisions

Methods
create POST /v1alpha/{parent}/revisions
CreateActionRevision creates a new action revision.
delete DELETE /v1alpha/{name}
DeleteActionRevision deletes an action revision.
list GET /v1alpha/{parent}/revisions
List all revisions of an action.
rollback POST /v1alpha/{name}:rollback
RollbackIntegrationActionRevision rolls back the action definition to a saved revision.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors

Methods
create POST /v1alpha/{parent}/connectors
Create a Integration Connector.
delete DELETE /v1alpha/{name}
Delete a Connector.
executeTest POST /v1alpha/{integrationIdentifier}:executeTest
Execute a test on a connector definition script.
fetchTemplate GET /v1alpha/{parent}/connectors:fetchTemplate
Retrieve the default recommended Integration Connector script template.
get GET /v1alpha/{name}
Get a integration connector.
list GET /v1alpha/{parent}/connectors
List integration connectors.
patch PATCH /v1alpha/{integrationConnector.name}
Update a Integration Connector.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors.connectorInstances

Methods
create POST /v1alpha/{parent}/connectorInstances
Create a ConnectorInstance.
delete DELETE /v1alpha/{name}
Delete a ConnectorInstance.
fetchLatestDefinition GET /v1alpha/{parent}:fetchLatestDefinition
Fetch the latest definition of a connector.
get GET /v1alpha/{name}
Get a ConnectorInstance.
list GET /v1alpha/{parent}/connectorInstances
List ConnectorInstances.
patch PATCH /v1alpha/{connectorInstance.name}
Update a ConnectorInstance.
runOnDemand POST /v1alpha/{name}:runOnDemand
Run a connector on demand.
setLogsCollection POST /v1alpha/{name}:setLogsCollection
Set the logs collection for a connector.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors.connectorInstances.logs

Methods
get GET /v1alpha/{name}
Get a single ConnectorInstanceLog.
list GET /v1alpha/{parent}/logs
List all ConnectorInstanceLogs for a given ConnectorInstance.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
The method clears all context-properties set on a specific context.
create POST /v1alpha/{parent}/contextProperties
Create a context-property.
delete DELETE /v1alpha/{name}
Delete a context-property.
get GET /v1alpha/{name}
Get a context-property.
list GET /v1alpha/{parent}/contextProperties
List context-properties.
patch PATCH /v1alpha/{contextProperty.name}
Update a context-property.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors.revisions

Methods
create POST /v1alpha/{parent}/revisions
Creates a new connector revision.
delete DELETE /v1alpha/{name}
Deletes a connector revision.
list GET /v1alpha/{parent}/revisions
Lists all revisions of a connector.
rollback POST /v1alpha/{name}:rollback
RollbackConnectorRevision rolls back the connector definition to a saved revision.

REST Resource: v1alpha.projects.locations.instances.integrations.integrationInstances

Methods
create POST /v1alpha/{parent}/integrationInstances
Create a IntegrationInstance.
delete DELETE /v1alpha/{name}
Delete a IntegrationInstance.
executeTest POST /v1alpha/{name}:executeTest
Execute a test for a given IntegrationInstance.
fetchAffectedItems GET /v1alpha/{name}:fetchAffectedItems
Fetch affected items for a given IntegrationInstance.
fetchDefaultInstance GET /v1alpha/{parent}/integrationInstances:fetchDefaultInstance
Execute a test for a given IntegrationInstance.
get GET /v1alpha/{name}
Get IntegrationInstance for a given instance.
list GET /v1alpha/{parent}/integrationInstances
List IntegrationInstances for a given instance.
patch PATCH /v1alpha/{integrationInstance.name}
Update a IntegrationInstance.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs

Methods
create POST /v1alpha/{parent}/jobs
CreateIntegrationJob creates a IntegrationJob.
delete DELETE /v1alpha/{name}
DeleteIntegrationJob deletes a IntegrationJob.
executeTest POST /v1alpha/{name}:executeTest
Executes a test on a job definition script.
fetchTemplate GET /v1alpha/{parent}/jobs:fetchTemplate
Fetches the default job template, mainly used for obtaining the default script allowing quick start.
get GET /v1alpha/{name}
GetIntegrationJob gets a IntegrationJob.
list GET /v1alpha/{parent}/jobs
ListIntegrationJobs lists IntegrationJobs.
patch PATCH /v1alpha/{integrationJob.name}
UpdateIntegrationJob updates a IntegrationJob.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
The method clears all context-properties set on a specific context.
create POST /v1alpha/{parent}/contextProperties
Create a context-property.
delete DELETE /v1alpha/{name}
Delete a context-property.
get GET /v1alpha/{name}
Get a context-property.
list GET /v1alpha/{parent}/contextProperties
List context-properties.
patch PATCH /v1alpha/{contextProperty.name}
Update a context-property.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs.jobInstances

Methods
create POST /v1alpha/{parent}/jobInstances
CreateJobInstance creates a new job instance.
delete DELETE /v1alpha/{name}
DeleteJobInstance deletes a job instance.
get GET /v1alpha/{name}
Get instance of a job.
list GET /v1alpha/{parent}/jobInstances
List all instances of a job.
patch PATCH /v1alpha/{integrationJobInstance.name}
UpdateIntegrationJobInstance updates an instance of a job instance.
runOnDemand POST /v1alpha/{name}:runOnDemand
RunOnDemandIntegrationJobInstance runs job instance script once.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs.jobInstances.logs

Methods
get GET /v1alpha/{name}
Get a single IntegrationJobInstanceLog.
list GET /v1alpha/{parent}/logs
List all IntegrationJobInstanceLogs for a given IntegrationJobInstance.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs.revisions

Methods
create POST /v1alpha/{parent}/revisions
CreateJobRevision creates a new job revision.
delete DELETE /v1alpha/{name}
DeleteJobRevision deletes a job revision.
list GET /v1alpha/{parent}/revisions
List all revisions of a job.
rollback POST /v1alpha/{name}:rollback
RollbackIntegrationJobRevision rolls back the job definition to a saved revision.

REST Resource: v1alpha.projects.locations.instances.integrations.managers

Methods
create POST /v1alpha/{parent}/managers
Create an Integration Manager.
delete DELETE /v1alpha/{name}
Delete an Integration Manager.
fetchTemplate GET /v1alpha/{parent}/managers:fetchTemplate
Retrieve the default recommended Integration Manager script template.
get GET /v1alpha/{name}
Get an Integration Manager.
list GET /v1alpha/{parent}/managers
List Integration Managers for a given integration.
patch PATCH /v1alpha/{integrationManager.name}
Update an Integration Manager.

REST Resource: v1alpha.projects.locations.instances.integrations.managers.revisions

Methods
create POST /v1alpha/{parent}/revisions
CreateIntegrationManagerRevision creates a new manager revision.
delete DELETE /v1alpha/{name}
DeleteIntegrationManagerRevision deletes a specific manager revision.
get GET /v1alpha/{name}
GetIntegrationManagerRevision gets a specific manager revision.
list GET /v1alpha/{parent}/revisions
ListIntegrationManagerRevisions lists all manager revisions for a given manager.
rollback POST /v1alpha/{name}:rollback
RollbackIntegrationManagerRevision rolls back the manager definition to a saved revision.

REST Resource: v1alpha.projects.locations.instances.investigations

Methods
get GET /v1alpha/{name}
GetInvestigation is used to retrieve an investigation.
list GET /v1alpha/{parent}/investigations
ListInvestigations is used to retrieve existing investigations for a given instance.
trigger POST /v1alpha/{parent}/investigations:trigger
Custom method to manually trigger an investigation for a given alert.

REST Resource: v1alpha.projects.locations.instances.investigations.investigationSteps

Methods
get GET /v1alpha/{name}
GetInvestigationStep is used to retrieve an investigation step.
list GET /v1alpha/{parent}/investigationSteps
ListInvestigationSteps is used to retrieve existing investigation steps for a given investigation.

REST Resource: v1alpha.projects.locations.instances.iocAssociations

Methods
batchGet GET /v1alpha/{parent}/iocAssociations:batchGet
Gets a batch (list) of IocAssociations given a list of names and a parent.
fetchRelatedIocAssociations GET /v1alpha/{name}:fetchRelatedIocAssociations
List related Ioc Associations for a given Ioc Association.
fetchRelatedThreatCollections GET /v1alpha/{name}:fetchRelatedThreatCollections
List related threat collections for an IocAssociation.
get GET /v1alpha/{name}
Get an Ioc Association by resource name.

REST Resource: v1alpha.projects.locations.instances.iocs

Methods
batchGet GET /v1alpha/{parent}/iocs:batchGet
Gets a batch (list) of iocs given a list of names and a parent.
findFirstAndLastSeen GET /v1alpha/{name}:findFirstAndLastSeen
FindFirstAndLastSeen for an Ioc.
get GET /v1alpha/{name}
Get an Ioc.
getIocState GET /v1alpha/{name}
Gets the status of an ioc
searchCuratedDetectionsForIoc GET /v1alpha/{name}:searchCuratedDetectionsForIoc
Search curated detections for an Ioc.
updateIocState PATCH /v1alpha/{iocState.name}
Update an Ioc state.

REST Resource: v1alpha.projects.locations.instances.labsExperiments

Methods
execute POST /v1alpha/{parent}:execute
Executes a LabsExperiment.
get GET /v1alpha/{name}
Gets a LabExperiment.
list GET /v1alpha/{parent}/labsExperiments
Lists LabsExperiments.
patch PATCH /v1alpha/{labsExperiment.name}
Update a LabsExperiment.

REST Resource: v1alpha.projects.locations.instances.labsExperiments.executions

Methods
get GET /v1alpha/{name}
Retrieves a specific LabsExperimentExecution resource.
list GET /v1alpha/{parent}/executions
Lists LabsExperimentExecution resources.
patch PATCH /v1alpha/{labsExperimentExecution.name}
Updates a LabsExperimentExecution.

REST Resource: v1alpha.projects.locations.instances.legacy

Methods
legacyBatchGetCases GET /v1alpha/{instance}/legacy:legacyBatchGetCases
RPC for fetching cases for the given caseNames.
legacyBatchGetCollections GET /v1alpha/{instance}/legacy:legacyBatchGetCollections
RPC for getting a batch of collections based on their Collection Ids.
legacyCreateOrUpdateCase POST /v1alpha/{instance}/legacy:legacyCreateOrUpdateCase
Legacy RPC for creating or updating an existing case.
legacyCreateSoarAlert POST /v1alpha/{instance}/legacy:legacyCreateSoarAlert
RPC for creating a SOAR alert.
legacyFetchAlertsView GET /v1alpha/{instance}/legacy:legacyFetchAlertsView
Legacy streaming endpoint for getting alerts (and in some cases, non-alerting detections) along with aggregated fields that match the query.
legacyFetchUdmSearchCsv POST /v1alpha/{instance}/legacy:legacyFetchUdmSearchCsv
Legacy endpoint for fetching csv rows for matching UDM search.
legacyFetchUdmSearchView POST /v1alpha/{instance}/legacy:legacyFetchUdmSearchView
Legacy endpoint for fetching events, filters, and histograms matching UDM search.
legacyFindAssetEvents GET /v1alpha/{instance}/legacy:legacyFindAssetEvents
Legacy endpoint for getting events for an asset indicator.
legacyFindRawLogs GET /v1alpha/{instance}/legacy:legacyFindRawLogs
Legacy endpoint for getting events for a raw log search query.
legacyFindUdmEvents GET /v1alpha/{instance}/legacy:legacyFindUdmEvents
Legacy endpoint for finding UDM/entity events using tokens or ids.
legacyGetAlert GET /v1alpha/{instance}/legacy:legacyGetAlert
RPC for fetching an alert based on its Alert Id.
legacyGetCuratedRulesTrends GET /v1alpha/{instance}/legacy:legacyGetCuratedRulesTrends
Legacy RPC for listing detection counts and last detection timestamp for a list of Curated Rule ids.
legacyGetDetection GET /v1alpha/{instance}/legacy:legacyGetDetection
Legacy endpoint for fetching a Detection.
legacyGetEventForDetection GET /v1alpha/{instance}/legacy:legacyGetEventForDetection
Legacy endpoint for getting event for curated detection.
legacyGetRuleCounts GET /v1alpha/{instance}/legacy:legacyGetRuleCounts
RPC to get rule counts.
legacyGetRulesTrends GET /v1alpha/{instance}/legacy:legacyGetRulesTrends
Legacy RPC for listing detection counts and last detection timestamp for a list of user-defined rule ids.
legacyRunTestRule POST /v1alpha/{instance}/legacy:legacyRunTestRule
Legacy RPC to test a rule and stream back the responses.
legacySearchArtifactEvents GET /v1alpha/{instance}/legacy:legacySearchArtifactEvents
Legacy endpoint for getting events for a given artifact.
legacySearchArtifactIoCDetails GET /v1alpha/{instance}/legacy:legacySearchArtifactIoCDetails
Rpc to search for IoC details for a particular artifact.
legacySearchAssetEvents GET /v1alpha/{instance}/legacy:legacySearchAssetEvents
Legacy endpoint for getting events for a given asset.
legacySearchCuratedDetections GET /v1alpha/{instance}/legacy:legacySearchCuratedDetections
Legacy endpoint for searcing detections for a Curated Rule.
legacySearchCustomerStats POST /v1alpha/{instance}/legacy:legacySearchCustomerStats
LegacySearchCustomerStats gets data collection stats about a customer, e.g., the first time data was seen from a customer, the last time, etc.
legacySearchDetections GET /v1alpha/{instance}/legacy:legacySearchDetections
Legacy endpoint for searching detections for a rule version.
legacySearchDomainsRecentlyRegistered GET /v1alpha/{instance}/legacy:legacySearchDomainsRecentlyRegistered
Given a list of domain names and a time, returns only the domains that were recently registered relative to that time.
legacySearchDomainsTimingStats GET /v1alpha/{instance}/legacy:legacySearchDomainsTimingStats
Given a list of domain names, returns time-related statistics for those domains (ex: the first seen in the enterprise time).
legacySearchEnterpriseWideAlerts GET /v1alpha/{instance}/legacy:legacySearchEnterpriseWideAlerts
RPC for getting all alerts in a time range in legacy page site.
legacySearchEnterpriseWideIoCs GET /v1alpha/{instance}/legacy:legacySearchEnterpriseWideIoCs
RPC for listing IoC matches against ingested events.
legacySearchFindings GET /v1alpha/{instance}/legacy:legacySearchFindings
Legacy endpoint for listing Findings.
legacySearchIngestionStats POST /v1alpha/{instance}/legacy:legacySearchIngestionStats
LegacySearchIngestionStats gets data ingestion stats about a given customer, e.g.
legacySearchIoCInsights GET /v1alpha/{instance}/legacy:legacySearchIoCInsights
Rpc to list IoC insights on given artifacts.
legacySearchRawLogs GET /v1alpha/{instance}/legacy:legacySearchRawLogs
Legacy endpoint for getting events for a raw log search.
legacySearchRuleDetectionCountBuckets GET /v1alpha/{instance}/legacy:legacySearchRuleDetectionCountBuckets
Legacy endpoint for listing detection count buckets for a Rules Engine rule.
legacySearchRuleDetectionEvents GET /v1alpha/{instance}/legacy:legacySearchRuleDetectionEvents
Legacy RPC for listing events associated with a particular Detection generated by a Rules Engine rule.
legacySearchRuleResults GET /v1alpha/{instance}/legacy:legacySearchRuleResults
Legacy endpoint for listing aggregated results for a Rules Engine rule.
legacySearchRulesAlerts GET /v1alpha/{instance}/legacy:legacySearchRulesAlerts
RPC to get the list of Rules Engine generated alerts for a customer.
legacySearchUserEvents GET /v1alpha/{instance}/legacy:legacySearchUserEvents
Legacy endpoint for getting events for a given user.
legacyStreamDetectionAlerts POST /v1alpha/{instance}/legacy:legacyStreamDetectionAlerts
Legacy StreamDetectionAlerts continuously streams new detection alerts as they are discovered.
legacyTestRuleStreaming POST /v1alpha/{instance}/legacy:legacyTestRuleStreaming
LegacyTestRuleStreaming tests the given rule text over a specified time range and streams detections/errors back without persisting them.
legacyUpdateAlert POST /v1alpha/{instance}/legacy:legacyUpdateAlert
Legacy endpoint for updating an alert.

REST Resource: v1alpha.projects.locations.instances.legacyCaseFederationPlatforms

Methods
create POST /v1alpha/{parent}/legacyCaseFederationPlatforms
Legacy endpoint for creating a case federation platform.
legacyDeleteCaseFederationPlatform DELETE /v1alpha/{name}
Legacy endpoint for deleting a case federation platform.
legacyGetCaseFederationPlatform GET /v1alpha/{name}
Legacy endpoint for getting a case federation platform.

REST Resource: v1alpha.projects.locations.instances.legacyConfiguration

Methods
legacyGetMaximumAlertsGroupingConfiguration GET /v1alpha/{instance}/legacyConfiguration:legacyGetMaximumAlertsGroupingConfiguration
Legacy endpoint for fetching audit logs.

REST Resource: v1alpha.projects.locations.instances.legacyFederatedCases

Methods
legacyBatchPatchFederatedCases POST /v1alpha/{parent}/legacyFederatedCases:legacyBatchPatchFederatedCases
Batch patch federated cases into the primary platform.
legacyFetchCasesToSync GET /v1alpha/{parent}/legacyFederatedCases:legacyFetchCasesToSync
Legacy endpoint for fetching cases to sync.
legacyGetFederatedCase GET /v1alpha/{name}
Get a federated case.
legacyListFederatedCases POST /v1alpha/{parent}/legacyFederatedCases:legacyListFederatedCases
List federated cases.

REST Resource: v1alpha.projects.locations.instances.legacyPlaybooks

Methods
download GET /v1alpha/{instance}/legacyPlaybooks:legacyExportDefinitions
LegacyPlaybookExportDefinitions exports workflows as a zip file.
legacyActionWidgetTemplate GET /v1alpha/{instance}/legacyPlaybooks:legacyActionWidgetTemplate
LegacyPlaybookActionWidgetTemplate returns the action widget template for a given action identifier.
legacyAddOrUpdatePlaybookCategory POST /v1alpha/{instance}/legacyPlaybooks:legacyAddOrUpdatePlaybookCategory
Add or update workflow categories.
legacyAiGenerate POST /v1alpha/{instance}/legacyPlaybooks:legacyAiGenerate
Generates a playbook using AI based on the provided user prompt.
legacyAiGenerateByAlert POST /v1alpha/{instance}/legacyPlaybooks:legacyAiGenerateByAlert
AI Generation of a new playbook based on a given security alert.
legacyAiUpdate POST /v1alpha/{instance}/legacyPlaybooks:legacyAiUpdate
Updates playbook using AI based on the provided user prompt.
legacyApplyApprovalLink POST /v1alpha/{instance}/legacyPlaybooks:legacyApplyApprovalLink
LegacyPlaybookApplyApprovalLink applies an approval link to a workflow.
legacyAttachNestedWorkflowToCase POST /v1alpha/{instance}/legacyPlaybooks:legacyAttachNestedWorkflowToCase
LegacyPlaybookAttachNestedWorkflowToCase attaches a nested workflow to a case.
legacyAttachWorkflowToCase POST /v1alpha/{instance}/legacyPlaybooks:legacyAttachWorkflowToCase
LegacyPlaybookAttachWorkflowToCase attaches a workflow to a case.
legacyCheckWorkflowNameInDifferentEnvironments POST /v1alpha/{instance}/legacyPlaybooks:legacyCheckWorkflowNameInDifferentEnvironments
LegacyPlaybookCheckWorkflowNameInDifferentEnvironments checks if the workflow name is used in different environments.
legacyCloneWorkflow POST /v1alpha/{instance}/legacyPlaybooks:legacyCloneWorkflow
legacyCloneWorkflow clones a workflow.
legacyCreateFeedback POST /v1alpha/{instance}/legacyPlaybooks:legacyCreateFeedback
LegacyCreateFeedback creates a feedback for a playbook.
legacyDeleteWorkflow POST /v1alpha/{instance}/legacyPlaybooks:legacyDeleteWorkflow
LegacyPlaybookDeleteWorkflow deletes a workflow definition.
legacyDeleteWorkflows POST /v1alpha/{instance}/legacyPlaybooks:legacyDeleteWorkflows
Delete workflows.
legacyDuplicateNestedWorkflows POST /v1alpha/{instance}/legacyPlaybooks:legacyDuplicateNestedWorkflows
legacyDuplicateNestedWorkflows duplicates nested workflows.
legacyDuplicateWorkflow POST /v1alpha/{instance}/legacyPlaybooks:legacyDuplicateWorkflow
legacyDuplicateWorkflow duplicates a workflow.
legacyDuplicateWorkflows POST /v1alpha/{instance}/legacyPlaybooks:legacyDuplicateWorkflows
legacyDuplicateWorkflows duplicates workflows.
legacyExecuteManualStep POST /v1alpha/{instance}/legacyPlaybooks:legacyExecuteManualStep
LegacyPlaybookExecuteManualStep executes a manual step.
legacyExecuteStep POST /v1alpha/{instance}/legacyPlaybooks:legacyExecuteStep
LegacyPlaybookExecuteStep executes a step.
legacyFetchActionResultsForSimulation POST /v1alpha/{instance}/legacyPlaybooks:legacyFetchActionResultsForSimulation
LegacyPlaybookFetchActionResultsForSimulation returns action results for workflow instance id filtered by loop iteration.
legacyGetActionResultsOfWFId GET /v1alpha/{instance}/legacyPlaybooks:legacyGetActionResultsOfWFId
LegacyPlaybookGetActionResultsOfWFId returns action results by workflow (playbook) instance id.
legacyGetAiGenerationStatusByAlert GET /v1alpha/{instance}/legacyPlaybooks:legacyGetAiGenerationStatusByAlert
Get a status of AI generation of a playbook based on a given security alert.
legacyGetCaseEntities GET /v1alpha/{instance}/legacyPlaybooks:legacyGetCaseEntities
LegacyPlaybookGetCaseEntities get case entities.
legacyGetContextGroupByKey GET /v1alpha/{instance}/legacyPlaybooks:legacyGetContextGroupByKey
LegacyPlaybookGetContextGroupByKey returns the context group by key.
legacyGetDebugStepCaseData POST /v1alpha/{instance}/legacyPlaybooks:legacyGetDebugStepCaseData
LegacyPlaybookGetDebugStepCaseData gets the debug step case data.
legacyGetEnabledWFCards POST /v1alpha/{instance}/legacyPlaybooks:legacyGetEnabledWFCards
Get enabled workflow cards.
legacyGetEnabledWFNames GET /v1alpha/{instance}/legacyPlaybooks:legacyGetEnabledWFNames
Get enabled workflow names.
legacyGetHtmlViewPresets GET /v1alpha/{instance}/legacyPlaybooks:legacyGetHtmlViewPresets
LegacyPlaybookGetHtmlViewPresets gets the html view presets.
legacyGetNestedPlaybookParams GET /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedPlaybookParams
Get Nested Playbooks by environments as steps.
legacyGetNestedPlaybooksAsSteps GET /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedPlaybooksAsSteps
Get Nested Playbooks as steps.
legacyGetNestedPlaybooksByEnvironmentsAsSteps POST /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedPlaybooksByEnvironmentsAsSteps
Get Nested Playbooks by environments as steps.
legacyGetNestedWorkflowDefaultInputs POST /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedWorkflowDefaultInputs
LegacyPlaybookGetNestedWorkflowDefaultInputs get the latest input values for a nested workflow.
legacyGetOverviewTemplate GET /v1alpha/{instance}/legacyPlaybooks:legacyGetOverviewTemplate
LegacyPlaybookGetOverviewTemplate returns the overview template by template identifier.
legacyGetOverviewTemplates POST /v1alpha/{instance}/legacyPlaybooks:legacyGetOverviewTemplates
LegacyPlaybookGetOverviewTemplateByPlaybookIdentifier returns the overview template by playbook identifier.
legacyGetPendingStep POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPendingStep
Get legacyGetPendingStep returns a pending step by alert identifier.
legacyGetPendingStepsCountForUser GET /v1alpha/{instance}/legacyPlaybooks:legacyGetPendingStepsCountForUser
Get legacyGetPendingStepsCountForUser returns pending steps count for the user running the request.
legacyGetPendingStepsUserRelated GET /v1alpha/{instance}/legacyPlaybooks:legacyGetPendingStepsUserRelated
Get legacyGetPendingStepsUserRelated returns pending steps related to the user.
legacyGetPlaybookSimulationEnrichment POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPlaybookSimulationEnrichment
LegacyPlaybookGetPlaybookSimulationEnrichment returns the playbook simulation enrichment.
legacyGetPlaybookStatsMap POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPlaybookStatsMap
LegacyPlaybookGetPlaybookStatsMap returns statistic data related to the workflow (such as number of runs, distribution by time, etc.).
legacyGetPlaybooksUsingBlocks POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPlaybooksUsingBlocks
Get legacyGetPlaybooksUsingBlocks returns a list of the existing playbooks using blocks based on the block identifiers provided.
legacyGetTriggerTags POST /v1alpha/{instance}/legacyPlaybooks:legacyGetTriggerTags
LegacyPlaybookGetTriggerTags returns a list of all the tags that are relevant to the trigger type tag.
legacyGetWorkFlowVersionLogs POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkFlowVersionLogs
LegacyPlaybookGetWorkFlowVersionLogs gets workflow version logs.
legacyGetWorkflowCategories GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowCategories
Get workflow categories.
legacyGetWorkflowFullInfoByIdentifier GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowFullInfoByIdentifier
Get legacyGetWorkflowFullInfoByIdentifier returns full info of a workflow by identifier.
legacyGetWorkflowFullInfoWithEnvFilterByIdentifier GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowFullInfoWithEnvFilterByIdentifier
Get legacyGetWorkflowFullInfoWithEnvFilterByIdentifier returns full info of a workflow by identifier including environment filter.
legacyGetWorkflowInstance POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowInstance
LegacyPlaybookExecuteManualStep returns the Instance (done \ pending) that was created for a given case+alert Identifier combo and the wf identifier.
legacyGetWorkflowInstanceSummary POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowInstanceSummary
LegacyPlaybookGetWorkflowInstanceSummary returns the summary of an executed playbook for a given case including the alert and playbook Identifiers.
legacyGetWorkflowInstancesCards POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowInstancesCards
LegacyPlaybookGetWorkflowInstancesCards returns the workflow instances cards for a given case+alert Identifier combo.
legacyGetWorkflowMenuCard GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCard
Get legacyGetWorkflowMenuCard returns a workflow menu card by identifier.
legacyGetWorkflowMenuCardWithEnvFilter GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCardWithEnvFilter
Get legacyGetWorkflowMenuCardWithEnvFilter returns a workflow menu card by identifier with environment filter.
legacyGetWorkflowMenuCards POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCards
Get legacyGetWorkflowMenuCards returns a list of the existing playbook cards.
legacyGetWorkflowMenuCardsWithEnvFilter POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCardsWithEnvFilter
Get legacyGetWorkflowMenuCards returns a list of the existing playbook cards with environment filter.
legacyGetWorkflowStepInstance POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowStepInstance
LegacyPlaybookGetWorkflowStepInstance returns a workflow step instance.
legacyGetWorkflowsContainsActionAsync GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowsContainsActionAsync
Get legacyGetWorkflowsContainsActionAsync returns workflows containing a specified action asynchronously.
legacyGetWorkflowsInvolvingAction POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowsInvolvingAction
LegacyPlaybookGetWorkflowsInvolvingAction returns a list of actions that are part of the workflow.
legacyMoveDefinitionsToCategory POST /v1alpha/{instance}/legacyPlaybooks:legacyMoveDefinitionsToCategory
LegacyPlaybookMoveDefinitionsToCategory moves the workflow definitions to a selected category.
legacyPermissions DELETE /v1alpha/{instance}/legacyPlaybooks:legacyPermissions
LegacyPlaybookDeletePermissions Removes all access permissions for the given workflow.
legacyPermissionsOptions POST /v1alpha/{instance}/legacyPlaybooks:legacyPermissionsOptions
LegacyPlaybookPermissionsOptions return playbook access permission options.
legacyRemoveCategories POST /v1alpha/{instance}/legacyPlaybooks:legacyRemoveCategories
Remove workflow categories.
legacyRerunBlock POST /v1alpha/{instance}/legacyPlaybooks:legacyRerunBlock
LegacyPlaybookRerunBlock reruns block on a given alert.
legacyRerunPlaybook POST /v1alpha/{instance}/legacyPlaybooks:legacyRerunPlaybook
LegacyPlaybookRerunPlaybook reruns a playbook on a given alert.
legacyRestoreWorkflowDefinition POST /v1alpha/{instance}/legacyPlaybooks:legacyRestoreWorkflowDefinition
LegacyPlaybookRestoreWorkflowDefinition restores workflow definition.
legacyRunPlaybookInDebug POST /v1alpha/{instance}/legacyPlaybooks:legacyRunPlaybookInDebug
Run playbook in debug mode.
legacySaveLogVersionOfWorkflowDefinitions POST /v1alpha/{instance}/legacyPlaybooks:legacySaveLogVersionOfWorkflowDefinitions
LegacyPlaybookSaveLogVersionOfWorkflowDefinitions saves log version of workflow definitions.
legacySaveWorkflowDefinitions POST /v1alpha/{instance}/legacyPlaybooks:legacySaveWorkflowDefinitions
Save workflow definitions.
legacySkip POST /v1alpha/{instance}/legacyPlaybooks:legacySkip
LegacyPlaybookSkip will skip a pending playbook action, resulting in the execution of the following steps.
legacyTestPipeExample POST /v1alpha/{instance}/legacyPlaybooks:legacyTestPipeExample
LegacyPlaybookTestPipeExample tests a pipe example.
legacyUpdateDefinitionsPriority POST /v1alpha/{instance}/legacyPlaybooks:legacyUpdateDefinitionsPriority
LegacyPlaybookUpdateDefinitionsPriority updates the priority of the workflow definitions.
upload POST /v1alpha/{instance}/legacyPlaybooks:legacyImportDefinitions
POST /upload/v1alpha/{instance}/legacyPlaybooks:legacyImportDefinitions
LegacyPlaybookImportDefinitions Import workflows from a zip file.

REST Resource: v1alpha.projects.locations.instances.legacyPublisher

Methods
download GET /v1alpha/{instance}/legacyPublisher:legacyGetTaskData
Legacy endpoint for getting a task data.
legacyAddConnectorPackage POST /v1alpha/{instance}/legacyPublisher:legacyAddConnectorPackage
Legacy endpoint for uploading a connector package..
legacyCloudLog POST /v1alpha/{instance}/legacyPublisher:legacyCloudLog
Legacy endpoint for sending a log to the Publisher.
legacyDeleteIntegration POST /v1alpha/{instance}/legacyPublisher:legacyDeleteIntegration
Legacy endpoint for deleting integration from Publisher.
legacyGetHasLocallyScheduledRemoteConnectors GET /v1alpha/{instance}/legacyPublisher:legacyGetHasLocallyScheduledRemoteConnectors
Legacy endpoint for checking if the integration has locally scheduled remote connectors.
legacyGetIntegrationDependencies GET /v1alpha/{instance}/legacyPublisher:legacyGetIntegrationDependencies
Legacy endpoint for getting all the dependencies of the integration.
legacyGetLatestIntegrationVersion GET /v1alpha/{instance}/legacyPublisher:legacyGetLatestIntegrationVersion
Legacy endpoint for getting the latest version of an integration.
legacyKeepAlive POST /v1alpha/{instance}/legacyPublisher:legacyKeepAlive
Legacy endpoint for sending keep alive message to Publisher.
legacyListTasks GET /v1alpha/{instance}/legacyPublisher:legacyListTasks
Legacy endpoint for listing remote tasks.
legacyPing GET /v1alpha/{instance}/legacyPublisher:legacyPing
Legacy endpoint for pinging the Publisher server.
legacySetUpgradeInProgress POST /v1alpha/{instance}/legacyPublisher:legacySetUpgradeInProgress
Legacy endpoint for updating upgrade_in_progress status.
legacyUpdateIntegrationStatus POST /v1alpha/{instance}/legacyPublisher:legacyUpdateIntegrationStatus
Legacy endpoint for updating integration status.
legacyUpdateTask POST /v1alpha/{instance}/legacyPublisher:legacyUpdateTask
Legacy endpoint for updating task status.
upload POST /v1alpha/{instance}/legacyPublisher:legacyUpdateTaskResult
POST /upload/v1alpha/{instance}/legacyPublisher:legacyUpdateTaskResult
Legacy endpoint for updating a task result.

REST Resource: v1alpha.projects.locations.instances.legacySdk

Methods
legacyAddAgentConnectorLogs POST /v1alpha/{instance}/legacySdk:legacyAddAgentConnectorLogs
Legacy RPC for add agent connector logs.
legacyAddAgentLogs POST /v1alpha/{instance}/legacySdk:legacyAddAgentLogs
Legacy RPC for add agent logs.
legacyAddAttachment POST /v1alpha/{instance}/legacySdk:legacyAddAttachment
Legacy RPC for add attachment.
legacyAddComment POST /v1alpha/{instance}/legacySdk:legacyAddComment
Legacy RPC for add comment.
legacyAddEntitiesToCustomList POST /v1alpha/{instance}/legacySdk:legacyAddEntitiesToCustomList
Legacy RPC for add entities to custom list.
legacyAddOrUpdateCaseTask POST /v1alpha/{instance}/legacySdk:legacyAddOrUpdateCaseTask
Legacy RPC for add or update case task.
legacyAddTag POST /v1alpha/{instance}/legacySdk:legacyAddTag
Legacy RPC for adding tag.
legacyAlertFullDetails POST /v1alpha/{instance}/legacySdk:legacyAlertFullDetails
Legacy RPC for getting alert full details.
legacyAlertSourceFile GET /v1alpha/{instance}/legacySdk:legacyAlertSourceFile
Legacy RPC for getting alert source file.
legacyAlertsFullDetails GET /v1alpha/{instance}/legacySdk:legacyAlertsFullDetails
Legacy RPC for getting alerts full details.
legacyAlertsTicketIdsByCaseId GET /v1alpha/{instance}/legacySdk:legacyAlertsTicketIdsByCaseId
Legacy RPC for getting alerts ticket ids by case id.
legacyAnyEntityInCustomList POST /v1alpha/{instance}/legacySdk:legacyAnyEntityInCustomList
Legacy RPC for check any entity in custom list.
legacyAssignUser POST /v1alpha/{instance}/legacySdk:legacyAssignUser
Legacy RPC for assign user to case.
legacyAttacheWorkflowToCase POST /v1alpha/{instance}/legacySdk:legacyAttacheWorkflowToCase
Legacy RPC for attach workflow to case.
legacyAttachmentData GET /v1alpha/{instance}/legacySdk:legacyAttachmentData
Legacy RPC for getting attachment.
legacyAttachments GET /v1alpha/{instance}/legacySdk:legacyAttachments
Legacy RPC for getting attachments.
legacyCaseFullDetails GET /v1alpha/{instance}/legacySdk:legacyCaseFullDetails
Legacy RPC for getting case full details.
legacyCaseMetadata GET /v1alpha/{instance}/legacySdk:legacyCaseMetadata
Legacy RPC for getting case metadata.
legacyChangeCaseStage POST /v1alpha/{instance}/legacySdk:legacyChangeCaseStage
Legacy RPC for change case stage.
legacyChangePriority POST /v1alpha/{instance}/legacySdk:legacyChangePriority
Legacy RPC for change case priority.
legacyCheckMarketplaceStatus GET /v1alpha/{instance}/legacySdk:legacyCheckMarketplaceStatus
Legacy RPC for check marketplace status.
legacyCloseAlert POST /v1alpha/{instance}/legacySdk:legacyCloseAlert
Legacy RPC for close alert.
legacyCloseCase POST /v1alpha/{instance}/legacySdk:legacyCloseCase
Legacy RPC for close case.
legacyCreateCase POST /v1alpha/{instance}/legacySdk:legacyCreateCase
Legacy RPC for create case.
legacyCreateCaseInsight POST /v1alpha/{instance}/legacySdk:legacyCreateCaseInsight
Legacy RPC for creating case insight.
legacyCreateConnectorPackage POST /v1alpha/{instance}/legacySdk:legacyCreateConnectorPackage
Legacy RPC for create connector package.
legacyCreateEntity POST /v1alpha/{instance}/legacySdk:legacyCreateEntity
Legacy RPC for create entity.
legacyDismissAlert POST /v1alpha/{instance}/legacySdk:legacyDismissAlert
Legacy RPC for dismiss alert.
legacyGetAgentById GET /v1alpha/{instance}/legacySdk:legacyGetAgentById
Legacy RPC for get agent by id.
legacyGetAlertsTicketIdsFromCasesClosedSinceTimestamp POST /v1alpha/{instance}/legacySdk:legacyGetAlertsTicketIdsFromCasesClosedSinceTimestamp
Legacy RPC for getting alerts ticket ids from cases closed since timestamp.
legacyGetAlertsToSync POST /v1alpha/{instance}/legacySdk:legacyGetAlertsToSync
Legacy RPC for get alerts to sync.
legacyGetCaseClosureDetails POST /v1alpha/{instance}/legacySdk:legacyGetCaseClosureDetails
Legacy RPC for getting case closure details.
legacyGetCaseComment GET /v1alpha/{instance}/legacySdk:legacyGetCaseComment
Legacy RPC for getting case comment.
legacyGetCaseComments GET /v1alpha/{instance}/legacySdk:legacyGetCaseComments
Legacy RPC for getting case comments.
legacyGetCaseTasks GET /v1alpha/{instance}/legacySdk:legacyGetCaseTasks
Legacy RPC for getting case tasks.
legacyGetCasesByFilter POST /v1alpha/{instance}/legacySdk:legacyGetCasesByFilter
Legacy RPC for getting cases by filter.
legacyGetCasesByRequest POST /v1alpha/{instance}/legacySdk:legacyGetCasesByRequest
Legacy RPC for get cases by request.
legacyGetCasesFilter GET /v1alpha/{instance}/legacySdk:legacyGetCasesFilter
Legacy RPC for get cases filter.
legacyGetCasesIdByFilter POST /v1alpha/{instance}/legacySdk:legacyGetCasesIdByFilter
Legacy RPC for getting cases id by filter.
legacyGetConnectorParameters GET /v1alpha/{instance}/legacySdk:legacyGetConnectorParameters
Legacy RPC for getting connector parameters.
legacyGetContextProperty POST /v1alpha/{instance}/legacySdk:legacyGetContextProperty
Legacy RPC for getting context property.
legacyGetCurrentSiemplifyVersion GET /v1alpha/{instance}/legacySdk:legacyGetCurrentSiemplifyVersion
Legacy RPC for getting current siemplify version.
legacyGetCustomListCategories GET /v1alpha/{instance}/legacySdk:legacyGetCustomListCategories
Legacy RPC for getting custom list categories.
legacyGetFailedActions GET /v1alpha/{instance}/legacySdk:legacyGetFailedActions
Legacy RPC for getting failed actions.
legacyGetFailedConnectors POST /v1alpha/{instance}/legacySdk:legacyGetFailedConnectors
Legacy RPC for getting failed connectors.
legacyGetFailedETLOperations GET /v1alpha/{instance}/legacySdk:legacyGetFailedETLOperations
Legacy RPC for getting failed ETL operations.
legacyGetFailedJobs GET /v1alpha/{instance}/legacySdk:legacyGetFailedJobs
Legacy RPC for getting failed jobs.
legacyGetIntegrationVersion GET /v1alpha/{instance}/legacySdk:legacyGetIntegrationVersion
Legacy RPC for getting integration version.
legacyGetProxySettings GET /v1alpha/{instance}/legacySdk:legacyGetProxySettings
Legacy RPC for getting proxy settings.
legacyGetPublisherById GET /v1alpha/{instance}/legacySdk:legacyGetPublisherById
Legacy RPC for getting publisher by ID.
legacyGetRemoteConnectorsKeysMap GET /v1alpha/{instance}/legacySdk:legacyGetRemoteConnectorsKeysMap
Legacy RPC for getting remote connectors keys map.
legacyGetSimilarCasesIds POST /v1alpha/{instance}/legacySdk:legacyGetSimilarCasesIds
Legacy RPC for getting similar cases ids.
legacyGetSyncAlerts POST /v1alpha/{instance}/legacySdk:legacyGetSyncAlerts
Legacy RPC for getting sync alerts.
legacyGetSyncCases POST /v1alpha/{instance}/legacySdk:legacyGetSyncCases
Legacy RPC for getting sync cases.
legacyGetTicketIdsForAlertsDismissedSinceTimestamp POST /v1alpha/{instance}/legacySdk:legacyGetTicketIdsForAlertsDismissedSinceTimestamp
Legacy RPC for getting ticket ids for alerts dismissed since timestamp.
legacyGetUpdatedSyncAlertsMetadata POST /v1alpha/{instance}/legacySdk:legacyGetUpdatedSyncAlertsMetadata
Legacy RPC for getting updated sync alerts metadata.
legacyGetUpdatedSyncCasesMetadata POST /v1alpha/{instance}/legacySdk:legacyGetUpdatedSyncCasesMetadata
Legacy RPC for getting updated sync cases metadata.
legacyGetUserFullName GET /v1alpha/{instance}/legacySdk:legacyGetUserFullName
Legacy RPC for getting user full name.
legacyIntegrationConfiguration GET /v1alpha/{instance}/legacySdk:legacyIntegrationConfiguration
Legacy RPC for getting integration configuration.
legacyKeepAlive GET /v1alpha/{instance}/legacySdk:legacyKeepAlive
Legacy RPC for keeping the SDK alive.
legacyMarkAsImportant POST /v1alpha/{instance}/legacySdk:legacyMarkAsImportant
Legacy RPC for mark as important.
legacyOpenCases GET /v1alpha/{instance}/legacySdk:legacyOpenCases
Legacy RPC for getting a LegacySdk.
legacyRaiseIncident POST /v1alpha/{instance}/legacySdk:legacyRaiseIncident
Legacy RPC for raise incident.
legacyRemoveEntitiesFromCustomList POST /v1alpha/{instance}/legacySdk:legacyRemoveEntitiesFromCustomList
Legacy RPC for remove entities from custom list.
legacySendEmailWithAttachment POST /v1alpha/{instance}/legacySdk:legacySendEmailWithAttachment
Legacy RPC for send email with attachment.
legacySendSystemNotification POST /v1alpha/{instance}/legacySdk:legacySendSystemNotification
Legacy RPC for sending system notification.
legacySetAlertSla POST /v1alpha/{instance}/legacySdk:legacySetAlertSla
Legacy RPC for setting alert sla.
legacySetCaseSla POST /v1alpha/{instance}/legacySdk:legacySetCaseSla
Legacy RPC for setting case sla.
legacySetContextProperty POST /v1alpha/{instance}/legacySdk:legacySetContextProperty
Legacy RPC for setting context property.
legacySystemInfo GET /v1alpha/{instance}/legacySdk:legacySystemInfo
Legacy RPC for getting system info.
legacyTrySetContextProperty POST /v1alpha/{instance}/legacySdk:legacyTrySetContextProperty
Legacy RPC for setting context property.
legacyUnraiseIncident POST /v1alpha/{instance}/legacySdk:legacyUnraiseIncident
Legacy RPC for unraising incident.
legacyUpdateAlertPriority POST /v1alpha/{instance}/legacySdk:legacyUpdateAlertPriority
Legacy RPC for update alert priority.
legacyUpdateAlertsAdditional POST /v1alpha/{instance}/legacySdk:legacyUpdateAlertsAdditional
Legacy RPC for update alerts additional data.
legacyUpdateBatchCasesExternalCaseIds POST /v1alpha/{instance}/legacySdk:legacyUpdateBatchCasesExternalCaseIds
Legacy RPC for update batch cases external case ids.
legacyUpdateCaseScore PATCH /v1alpha/{instance}/legacySdk:legacyUpdateCaseScore
Legacy RPC for updating case score.
legacyUpdateConfigurationProperty PUT /v1alpha/{instance}/legacySdk:legacyUpdateConfigurationProperty
Legacy RPC for update configuration property.
legacyUpdateConnectorParameter PUT /v1alpha/{instance}/legacySdk:legacyUpdateConnectorParameter
Legacy RPC for update connector parameter.
legacyUpdateEntities POST /v1alpha/{instance}/legacySdk:legacyUpdateEntities
Legacy RPC for updating entities.
legacyUpdateNewAlertsSyncStatus POST /v1alpha/{instance}/legacySdk:legacyUpdateNewAlertsSyncStatus
Legacy RPC for updating the sync status of new alerts.

REST Resource: v1alpha.projects.locations.instances.legacySoarAudit

Methods
legacyExportAuditLastWeekAsCsvV2 POST /v1alpha/{instance}/legacySoarAudit:legacyExportAuditLastWeekAsCsvV2
Exports the audit data for the last week as a CSV file.
legacyGetAuditDataV2 POST /v1alpha/{instance}/legacySoarAudit:legacyGetAuditDataV2
Gets the audit data.

REST Resource: v1alpha.projects.locations.instances.legacySoarDashboard

Methods
legacyAddOrUpdateDashboard POST /v1alpha/{instance}/legacySoarDashboard:legacyAddOrUpdateDashboard
Adds a new dashboard or updates an existing one (determined by dashboard identifier).
legacyAddOrUpdateDashboardWidget POST /v1alpha/{instance}/legacySoarDashboard:legacyAddOrUpdateDashboardWidget
Adds a new dashboard widget or update an existing one (determined by widget identifier).
legacyDeleteDashboard POST /v1alpha/{instance}/legacySoarDashboard:legacyDeleteDashboard
Deletes a dashboard.
legacyDeleteDashboardWidget POST /v1alpha/{instance}/legacySoarDashboard:legacyDeleteDashboardWidget
Deletes a dashboard widget.
legacyGetCasesTimeToRespond GET /v1alpha/{instance}/legacySoarDashboard:legacyGetCasesTimeToRespond
Returns the time to respond for cases in the dashboard.
legacyGetDashboard POST /v1alpha/{name}/legacySoarDashboard:legacyGetDashboard
Returns a dashboard by id.
legacyGetDashboardCards GET /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardCards
Returns the cards of a dashboard.
legacyGetDashboardCustomWidgetCaseIds POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardCustomWidgetCaseIds
Returns the case ids of a custom widget in a dashboard.
legacyGetDashboardPlaybookRuns POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardPlaybookRuns
Returns the playbook runs of a dashboard.
legacyGetDashboardPlaybooks GET /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardPlaybooks
Returns the playbooks of a dashboard.
legacyGetDashboardWidgetCaseIds POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardWidgetCaseIds
Returns the case ids of a widget in a dashboard.
legacyGetDashboardWidgetDefinitions GET /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardWidgetDefinitions
Returns the widget definitions of a dashboard.
legacyGetDashboardWidgetValues POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardWidgetValues
Returns the values of a widget in a dashboard.
legacyGetOpenedAndClosedCasesTrends GET /v1alpha/{instance}/legacySoarDashboard:legacyGetOpenedAndClosedCasesTrends
Returns the opened and closed cases trends.
legacyGetPlaybookMonitoring POST /v1alpha/{instance}/legacySoarDashboard:legacyGetPlaybookMonitoring
Returns the playbook monitoring data of a dashboard.
legacyImportDashboard POST /v1alpha/{instance}/legacySoarDashboard:legacyImportDashboard
Imports a dashboard from a file.
legacySaveDashboardAsReportTemplate POST /v1alpha/{instance}/legacySoarDashboard:legacySaveDashboardAsReportTemplate
Saves a dashboard as a report template.

REST Resource: v1alpha.projects.locations.instances.legacySoarIdpMappingGroups

Methods
create POST /v1alpha/{parent}/legacySoarIdpMappingGroups
Creates a LegacySoarIdpMappingGroup.
delete DELETE /v1alpha/{name}
Deletes a LegacySoarIdpMappingGroup.
get GET /v1alpha/{name}
Gets a LegacySoarIdpMappingGroup.
getExternalProviders GET /v1alpha/{name}/legacySoarIdpMappingGroups:getExternalProviders
Gets the external providers for a LegacySoarIdpMappingGroup.
list GET /v1alpha/{parent}/legacySoarIdpMappingGroups
Lists LegacySoarIdpMappingGroups.
patch PATCH /v1alpha/{legacySoarIdpMappingGroup.name}
Updates a LegacySoarIdpMappingGroup.
updateDefaultAccessSettings POST /v1alpha/{name}/legacySoarIdpMappingGroups:updateDefaultAccessSettings
Patches the external providers for a LegacySoarIdpMappingGroup.

REST Resource: v1alpha.projects.locations.instances.legacySoarSettings

Methods
legacyAddVisualSummaryRecords POST /v1alpha/{instance}/legacySoarSettings:legacyAddVisualSummaryRecords
AddVisualSummaryRecords adds visual summary records to the environment.
legacyGetAllPlaybookActionDefinitions GET /v1alpha/{instance}/legacySoarSettings:legacyGetAllPlaybookActionDefinitions
LegacyGetAllPlaybookActionDefinitions returns all playbook action definitions.
legacyGetCaseAlertPlaybookTriggerFilterValues GET /v1alpha/{instance}/legacySoarSettings:legacyGetCaseAlertPlaybookTriggerFilterValues
LegacyGetCaseAlertPlaybookTriggerFilterValues returns the case alert playbook trigger filter values.
legacyGetCaseAlertTypeFilterValues GET /v1alpha/{instance}/legacySoarSettings:legacyGetCaseAlertTypeFilterValues
LegacyGetCaseAlertTypeFilterValues returns the case alert type filter values.
legacyGetCustomActionDetailsById GET /v1alpha/{instance}/legacySoarSettings:legacyGetCustomActionDetailsById
LegacyGetCustomActionDetailsById returns the custom action details by id.
legacyGetDataSourcesForGroupingRule POST /v1alpha/{instance}/legacySoarSettings:legacyGetDataSourcesForGroupingRule
LegacyGetDataSourcesForGroupingRule returns the data sources for grouping rule.
legacyGetEnvironmentActionDefinitions POST /v1alpha/{instance}/legacySoarSettings:legacyGetEnvironmentActionDefinitions
LegacyGetEnvironmentActionDefinitions returns the environment action definitions.
legacyGetEnvironmentStatistics POST /v1alpha/{instance}/legacySoarSettings:legacyGetEnvironmentStatistics
LegacyGetEnvironmentStatistics returns the environment statistics.
legacyGetPlaybookActionDefinitions POST /v1alpha/{instance}/legacySoarSettings:legacyGetPlaybookActionDefinitions
LegacyGetPlaybookActionDefinitions returns the playbook action definitions.
legacyGetProductsForGroupingRule POST /v1alpha/{instance}/legacySoarSettings:legacyGetProductsForGroupingRule
LegacyGetProductsForGroupingRule returns the products for grouping rule.
legacyGetSystemEventEntityTypes GET /v1alpha/{instance}/legacySoarSettings:legacyGetSystemEventEntityTypes
LegacyGetSystemEventEntityTypes returns the system event entity types.
legacyGetTimeZones GET /v1alpha/{instance}/legacySoarSettings:legacyGetTimeZones
LegacyGetTimeZones returns the time zones.
legacyGetUserRegistrationSettings GET /v1alpha/{instance}/legacySoarSettings:legacyGetUserRegistrationSettings
LegacyGetUserRegistrationSettings returns the user registration settings.
legacyGetVisualSummaryRecords GET /v1alpha/{instance}/legacySoarSettings:legacyGetVisualSummaryRecords
LegacyGetVisualSummaryRecords returns the visual summary records.
legacyIsPermittedToEnvironment GET /v1alpha/{instance}/legacySoarSettings:legacyIsPermittedToEnvironment
LegacyIsPermittedToEnvironment checks if the user is permitted to the environment.
legacyTestEmailSettings POST /v1alpha/{instance}/legacySoarSettings:legacyTestEmailSettings
LegacyTestEmailSettings tests the email settings.
legacyUploadCustomActionResultJson POST /v1alpha/{instance}/legacySoarSettings:legacyUploadCustomActionResultJson
LegacyUploadCustomActionResultJson uploads the custom action result json.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers

Methods
delete DELETE /v1alpha/{name}
Delete a LegacySoarUser.
get GET /v1alpha/{name}
Get a LegacySoarUser.
getLocalization GET /v1alpha/{name}
Get a user Localization.
getNotificationSettings GET /v1alpha/{name}
Gets the notification settings for a user.
list GET /v1alpha/{parent}/legacySoarUsers
Lists LegacySoarUsers.
updateLocalization PATCH /v1alpha/{userLocalization.name}
Update a user localization.
updateNotificationSettings PATCH /v1alpha/{notificationSettings.name}
Updates the notification settings for a user.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.attachments

Methods
delete DELETE /v1alpha/{name}
Delete an Attachment.
download GET /v1alpha/{name}:download
Export an Attachment.
get GET /v1alpha/{name}
Get an Attachment.
list GET /v1alpha/{parent}/attachments
List Attachments.
upload POST /v1alpha/{parent}/attachments:create
POST /upload/v1alpha/{parent}/attachments:create
Create an Attachment.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.userNotifications

Methods
count GET /v1alpha/{parent}/userNotifications:count
Counts UserNotifications for a given user.
get GET /v1alpha/{name}
Get a User UserNotification.
list GET /v1alpha/{parent}/userNotifications
Lists User Notifications.
markAsRead POST /v1alpha/{parent}/userNotifications:markAsRead
Marks UserNotification as read.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.workdeskContacts

Methods
create POST /v1alpha/{parent}/workdeskContacts
Create a WorkdeskContact.
delete DELETE /v1alpha/{name}
Delete a WorkdeskContact.
get GET /v1alpha/{name}
Get a SOAR WorkdeskContact.
list GET /v1alpha/{parent}/workdeskContacts
Lists SOAR workdeskContacts.
patch PATCH /v1alpha/{workdeskContact.name}
Update a WorkdeskContact.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.workdeskNotes

Methods
create POST /v1alpha/{parent}/workdeskNotes
Create a WorkdeskNote.
delete DELETE /v1alpha/{name}
Delete a WorkdeskNote.
get GET /v1alpha/{name}
Get a SOAR WorkdeskNote.
list GET /v1alpha/{parent}/workdeskNotes
Lists SOAR WorkdeskNotes.
patch PATCH /v1alpha/{workdeskNote.name}
Update a WorkdeskNote.

REST Resource: v1alpha.projects.locations.instances.legacySystem

Methods
legacyGetLicenseStatus GET /v1alpha/{instance}/legacySystem:legacyGetLicenseStatus
Legacy endpoint for getting the license status.
legacyGetMaximumDataRetentionValue GET /v1alpha/{instance}/legacySystem:legacyGetMaximumDataRetentionValue
Legacy endpoint for getting the maximum data retention value.
legacyGetSystemVersion GET /v1alpha/{instance}/legacySystem:legacyGetSystemVersion
Legacy endpoint for getting the system version.

REST Resource: v1alpha.projects.locations.instances.legacySystemMetadata

Methods
placeholders GET /v1alpha/{instance}/legacySystemMetadata:placeholders
Legacy Get Placeholder Names.

REST Resource: v1alpha.projects.locations.instances.logTypes

Methods
create POST /v1alpha/{parent}/logTypes
Create LogType.
generateEventTypesSuggestions POST /v1alpha/{logtype}:generateEventTypesSuggestions
GenerateEventTypesSuggestions generates event types suggestions that can be mapped by a lowcode parser.
getLogTypeSetting GET /v1alpha/{name}
Gets a LogTypeSetting.
legacySubmitParserExtension POST /v1alpha/{parent}:legacySubmitParserExtension
LegacySubmitParserExtension creates validates and then makes the extension live.
list GET /v1alpha/{parent}/logTypes
Lists all LogTypes.
runParser POST /v1alpha/{logtype}:runParser
RunParser runs the parser against a log and returns normalized events or any error that occurred during the normalization.
updateLogTypeSetting PATCH /v1alpha/{logTypeSetting.name}
UpdateLogTypeSetting updates the log type setting for a log type.

REST Resource: v1alpha.projects.locations.instances.logTypes.logTypeSettings

Methods
list GET /v1alpha/{parent}/logTypeSettings
Lists all LogTypeSettings.

REST Resource: v1alpha.projects.locations.instances.logTypes.logs

Methods
import POST /v1alpha/{parent}/logs:import
Import log telemetry.
list GET /v1alpha/{parent}/logs
Lists all Logs.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions

Methods
activate POST /v1alpha/{name}:activate
ActivateParserExtension switches the customer to use requested parser extension, This will set the extension state to ACTIVE.
create POST /v1alpha/{parent}/parserExtensions
Create a parser extension.
delete DELETE /v1alpha/{name}
Delete a parser extension.
get GET /v1alpha/{name}
Get a parser extension.
list GET /v1alpha/{parent}/parserExtensions
List all parser extensions.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports

Methods
get GET /v1alpha/{name}
Get a parser vaildation report.
list GET /v1alpha/{parent}/extensionValidationReports
List all parser validation reports for a parser extension.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports.validationErrors

Methods
list GET /v1alpha/{parent}/validationErrors
List validation errors of a parser extension validation report.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.validationReports

Methods
get GET /v1alpha/{name}
Get a validation report.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.validationReports.parsingErrors

Methods
list GET /v1alpha/{parent}/parsingErrors
List parsing errors of a validation report.

REST Resource: v1alpha.projects.locations.instances.logTypes.parsers

Methods
activate POST /v1alpha/{name}:activate
ActivateParser switches the customer to use requested parser, This will set the Parser state to ACTIVE.
activateReleaseCandidateParser POST /v1alpha/{name}:activateReleaseCandidateParser
ActivateReleaseCandidateParser makes the release candidate parser live for that customer.
copy POST /v1alpha/{name}:copy
CopyPrebuiltParser makes a copy of a prebuilt parser.
create POST /v1alpha/{parent}/parsers
Create a parser.
deactivate POST /v1alpha/{name}:deactivate
DeactivateParser deactivates the requested parser, and activates the prebuilt release parser.
delete DELETE /v1alpha/{name}
Delete a parser.
get GET /v1alpha/{name}
Get a parser.
list GET /v1alpha/{parent}/parsers
List all parsers.

REST Resource: v1alpha.projects.locations.instances.logTypes.parsers.validationReports

Methods
get GET /v1alpha/{name}
Get a validation report.

REST Resource: v1alpha.projects.locations.instances.logTypes.parsers.validationReports.parsingErrors

Methods
list GET /v1alpha/{parent}/parsingErrors
List parsing errors of a validation report.

REST Resource: v1alpha.projects.locations.instances.logs

Methods
classify POST /v1alpha/{parent}/logs:classify
Classify the logs to the corresponding logType.

REST Resource: v1alpha.projects.locations.instances.marketplaceIntegrations

Methods
fetchCommercialDiff GET /v1alpha/{name}:fetchCommercialDiff
Fetches the diff between the commercial and the marketplace integration.
get GET /v1alpha/{name}
Gets a MarketplaceIntegration.
install POST /v1alpha/{parent}:install
Installs a MarketplaceIntegration.
list GET /v1alpha/{parent}/marketplaceIntegrations
Lists MarketplaceIntegrations.
uninstall POST /v1alpha/{name}:uninstall
Uninstalls a MarketplaceIntegration.

REST Resource: v1alpha.projects.locations.instances.moduleSettings

Methods
get GET /v1alpha/{name}
Get a ModuleSettings.
list GET /v1alpha/{parent}/moduleSettings
List ModuleSettings.
rebrandingSettings GET /v1alpha/{parent}/moduleSettings:rebrandingSettings
The method returns the rebranding settings.

REST Resource: v1alpha.projects.locations.instances.moduleSettings.properties

Methods
batchUpdate POST /v1alpha/{parent}/properties:batchUpdate
Batch update ModuleSettingsProperties.
get GET /v1alpha/{name}
Get a ModuleSettingsProperty.
list GET /v1alpha/{parent}/properties
List ModuleSettingsProperties.
patch PATCH /v1alpha/{moduleSettingsProperty.name}
Update a ModuleSettingsProperty.
testSettings POST /v1alpha/{parent}/properties:testSettings
The method tests the configured module settings, and by this ensures that all settings of the module were configured properly.

REST Resource: v1alpha.projects.locations.instances.nativeDashboards

Methods
addChart POST /v1alpha/{name}:addChart
Add chart in a dashboard.
create POST /v1alpha/{parent}/nativeDashboards
Create a dashboard.
delete DELETE /v1alpha/{name}
Delete a dashboard.
duplicate POST /v1alpha/{name}:duplicate
Duplicate a dashboard.
duplicateChart POST /v1alpha/{name}:duplicateChart
Duplicate chart in a dashboard.
editChart POST /v1alpha/{name}:editChart
Edit chart in a dashboard.
export POST /v1alpha/{parent}/nativeDashboards:export
Exports the dashboards.
get GET /v1alpha/{name}
Get a dashboard.
import POST /v1alpha/{parent}/nativeDashboards:import
Imports the dashboards.
list GET /v1alpha/{parent}/nativeDashboards
List all dashboards.
patch PATCH /v1alpha/{nativeDashboard.name}
Update a dashboard.
removeChart POST /v1alpha/{name}:removeChart
Remove chart from a dashboard.

REST Resource: v1alpha.projects.locations.instances.notebooks

Methods
get GET /v1alpha/{name}
GetNotebook is used to retrieve an notebook.
list GET /v1alpha/{parent}/notebooks
ListNotebooks is used to retrieve existing notebooks for a given instance.

REST Resource: v1alpha.projects.locations.instances.ontologyRecords

Methods
delete DELETE /v1alpha/{name}
Delete an ontology record.
export POST /v1alpha/{parent}/ontologyRecords:export
Export ontology records.
get GET /v1alpha/{name}
Get specific ontology record.
import POST /v1alpha/{parent}/ontologyRecords:import
Import ontology records.
list GET /v1alpha/{parent}/ontologyRecords
List all ontology records.
patch PATCH /v1alpha/{ontologyRecord.name}
Update an ontology record.
statistics GET /v1alpha/{parent}/ontologyRecords:statistics
Get ontology records statistics.

REST Resource: v1alpha.projects.locations.instances.ontologyRecords.mappingRules

Methods
delete DELETE /v1alpha/{name}
Delete a MappingRule.
fetchAll GET /v1alpha/{parent}/mappingRules:fetchAll
Fetch all mapping rules, existing and candidates.
get GET /v1alpha/{name}
Get a MappingRule.
list GET /v1alpha/{parent}/mappingRules
Lists MappingRules.
patch PATCH /v1alpha/{mappingRule.name}
Update a MappingRule.
save POST /v1alpha/{parent}/mappingRules:save
Save a mapping rule.
test POST /v1alpha/{name}:test
Test a MappingRule.

REST Resource: v1alpha.projects.locations.instances.ontologyRecords.visualFamilies

Methods
create POST /v1alpha/{parent}/visualFamilies
Creates a new VisualFamily.
delete DELETE /v1alpha/{name}
Deletes a VisualFamily.
export POST /v1alpha/{parent}/visualFamilies:export
Exports VisualFamilies.
get GET /v1alpha/{name}
Gets a VisualFamily.
import POST /v1alpha/{parent}/visualFamilies:import
Imports VisualFamilies.
list GET /v1alpha/{parent}/visualFamilies
Lists VisualFamilies in a given ontology record.
patch PATCH /v1alpha/{visualFamily.name}
Updates a VisualFamily.

REST Resource: v1alpha.projects.locations.instances.operations

Methods
cancel POST /v1alpha/{name}:cancel
Starts asynchronous cancellation on a long-running operation.
delete DELETE /v1alpha/{name}
Deletes a long-running operation.
get GET /v1alpha/{name}
Gets the latest state of a long-running operation.
list GET /v1alpha/{name}/operations
Lists operations that match the specified filter in the request.
streamSearch GET /v1alpha/{name}:streamSearch
Streams the results of an in-progress search operation, or returns the final results of a completed operation.

REST Resource: v1alpha.projects.locations.instances.propertySchemaDefinitions

Methods
create POST /v1alpha/{parent}/propertySchemaDefinitions
Create a PropertySchemaDefinition.
delete DELETE /v1alpha/{name}
Delete a PropertySchemaDefinition.
get GET /v1alpha/{name}
Get a PropertySchemaDefinition.
list GET /v1alpha/{parent}/propertySchemaDefinitions
Lists PropertySchemaDefinitions.
patch PATCH /v1alpha/{propertySchemaDefinition.name}
Update a PropertySchemaDefinition.

REST Resource: v1alpha.projects.locations.instances.referenceLists

Methods
create POST /v1alpha/{parent}/referenceLists
Creates a new reference list.
get GET /v1alpha/{name}
Gets a single reference list.
list GET /v1alpha/{parent}/referenceLists
Lists a collection of reference lists.
patch PATCH /v1alpha/{referenceList.name}
Updates an existing reference list.

REST Resource: v1alpha.projects.locations.instances.remoteAgents

Methods
connectorValidRemoteAgents GET /v1alpha/{parent}/remoteAgents:connectorValidRemoteAgents
Returns a list of all remote agents, including their availability state with respect to this specific connector.
create POST /v1alpha/{parent}/remoteAgents
Creates a SOAR remote agent.
delete DELETE /v1alpha/{name}
Deletes a SOAR remote agent.
fetchEditableRemoteAgents GET /v1alpha/{parent}/remoteAgents:fetchEditableRemoteAgents
Returns a list of all the remote agents that the user can edit.
fetchInstallationCommand GET /v1alpha/{name}:fetchInstallationCommand
Fetches the installation command of the remote agent.
fetchInstallerFile GET /v1alpha/{name}:fetchInstallerFile
Returns the installer file of the remote agent.
fetchRedeployStatus GET /v1alpha/{name}:fetchRedeployStatus
Returns the redeploy status of the integrations in the remote agent.
fetchRemoteAgentsCompatibleWithJobs GET /v1alpha/{parent}/remoteAgents:fetchRemoteAgentsCompatibleWithJobs
Return a list of all the remote agents with availability status for jobs on specific integration.
fetchRemoteAgentsInformation POST /v1alpha/{parent}/remoteAgents:fetchRemoteAgentsInformation
Returns a list of all remote agents, including their advanced information.
get GET /v1alpha/{name}
Gets a SOAR remote agent.
list GET /v1alpha/{parent}/remoteAgents
Lists SOAR remote agents.
migrateConnectors POST /v1alpha/{name}:migrateConnectors
Migrates legacy connector from remote to local scheduling.
patch PATCH /v1alpha/{remoteAgent.name}
Updates an existing remote agent.
redeployRemoteAgent POST /v1alpha/{parent}/remoteAgents:redeployRemoteAgent
Redeploys remote agent from an already existing remote agent.
sendRemoteAgentInstaller POST /v1alpha/{name}:sendRemoteAgentInstaller
Sends the remote agent installer to the recipients.
upgradeRemoteAgent POST /v1alpha/{name}:upgradeRemoteAgent
Upgrades remote agent to the latest version.

REST Resource: v1alpha.projects.locations.instances.requestTemplates

Methods
create POST /v1alpha/{parent}/requestTemplates
Creates a RequestTemplate.
delete DELETE /v1alpha/{name}
Deletes a RequestTemplate.
get GET /v1alpha/{name}
Gets a RequestTemplate.
list GET /v1alpha/{parent}/requestTemplates
Lists RequestTemplates.
patch PATCH /v1alpha/{requestTemplate.name}
Updates a RequestTemplate.

REST Resource: v1alpha.projects.locations.instances.ruleExecutionErrors

Methods
list GET /v1alpha/{parent}/ruleExecutionErrors
Lists rule execution errors.

REST Resource: v1alpha.projects.locations.instances.rules

Methods
create POST /v1alpha/{parent}/rules
Creates a new Rule.
delete DELETE /v1alpha/{name}
Deletes a Rule.
get GET /v1alpha/{name}
Gets a Rule.
getDeployment GET /v1alpha/{name}
Gets a RuleDeployment.
list GET /v1alpha/{parent}/rules
Lists Rules.
listRevisions GET /v1alpha/{name}:listRevisions
Lists all revisions of the rule.
patch PATCH /v1alpha/{rule.name}
Updates a Rule.
updateDeployment PATCH /v1alpha/{ruleDeployment.name}
Updates a RuleDeployment.

REST Resource: v1alpha.projects.locations.instances.rules.deployments

Methods
list GET /v1alpha/{parent}/deployments
Lists RuleDeployments across all Rules.

REST Resource: v1alpha.projects.locations.instances.rules.retrohunts

Methods
create POST /v1alpha/{parent}/retrohunts
Create a Retrohunt.
get GET /v1alpha/{name}
Get a Retrohunt.
list GET /v1alpha/{parent}/retrohunts
List Retrohunts.

REST Resource: v1alpha.projects.locations.instances.slaDefinitions

Methods
create POST /v1alpha/{parent}/slaDefinitions
Creates a SlaDefinition.
delete DELETE /v1alpha/{name}
Deletes a SlaDefinition.
export GET /v1alpha/{parent}/slaDefinitions:export
Exports a SlaDefinitions.
get GET /v1alpha/{name}
Gets a SlaDefinition.
import POST /v1alpha/{parent}/slaDefinitions:import
Imports a SlaDefinitions.
list GET /v1alpha/{parent}/slaDefinitions
Lists a SlaDefinitions.
patch PATCH /v1alpha/{slaDefinition.name}
Updates a SlaDefinition.

REST Resource: v1alpha.projects.locations.instances.soarDomains

Methods
create POST /v1alpha/{parent}/soarDomains
Create a SoarDomain.
delete DELETE /v1alpha/{name}
Delete a SoarDomain.
export GET /v1alpha/{parent}/soarDomains:export
Export SoarDomains.
get GET /v1alpha/{name}
Get a SoarDomain.
import POST /v1alpha/{parent}/soarDomains:import
Import SoarDomains.
list GET /v1alpha/{parent}/soarDomains
Lists soar domains.
patch PATCH /v1alpha/{soarDomain.name}
Update a SoarDomain.

REST Resource: v1alpha.projects.locations.instances.soarNetworks

Methods
create POST /v1alpha/{parent}/soarNetworks
Create a SoarNetwork.
delete DELETE /v1alpha/{name}
Delete a SoarNetwork.
deleteAll DELETE /v1alpha/{parent}/soarNetworks:all
Delete a SoarNetwork.
export GET /v1alpha/{parent}/soarNetworks:export
Export SoarNetworks.
get GET /v1alpha/{name}
Get a SoarNetwork.
import POST /v1alpha/{parent}/soarNetworks:import
Import SoarNetworks.
list GET /v1alpha/{parent}/soarNetworks
Lists SOAR SoarNetworks.
patch PATCH /v1alpha/{soarNetwork.name}
Update a SoarNetwork.

REST Resource: v1alpha.projects.locations.instances.socRoles

Methods
create POST /v1alpha/{parent}/socRoles
Creates a SocRole.
delete DELETE /v1alpha/{name}
Deletes a SocRole.
get GET /v1alpha/{name}
Gets a SocRole.
list GET /v1alpha/{parent}/socRoles
Lists SocRoles.
patch PATCH /v1alpha/{socRole.name}
Updates a SocRole.

REST Resource: v1alpha.projects.locations.instances.tasks

Methods
create POST /v1alpha/{parent}/tasks
Create a Task.
delete DELETE /v1alpha/{name}
Delete a Task.
get GET /v1alpha/{name}
Get a Task.
list GET /v1alpha/{parent}/tasks
Lists soar tasks.
patch PATCH /v1alpha/{task.name}
Update a Task.

REST Resource: v1alpha.projects.locations.instances.threatCollections

Methods
fetchIocMatchMetadata GET /v1alpha/{parent}/threatCollections:fetchIocMatchMetadata
Gets a batch (list) of ioc match metadata for a list of threat collections.
get GET /v1alpha/{name}
Gets a threat collection by resource name.
list GET /v1alpha/{parent}/threatCollections
Lists threat collections, which contain reports and tracked threat campaigns from Google Threat Intelligence.

REST Resource: v1alpha.projects.locations.instances.uniqueEntities

Methods
addNote POST /v1alpha/{parent}/uniqueEntities:addNote
Adds a note to a UniqueEntity.
download GET /v1alpha/{name}/uniqueEntities:generateReport
Downloads a unique entity report.
fetchFull POST /v1alpha/{parent}/uniqueEntities:fetchFull
Fetches a full UniqueEntity.
get GET /v1alpha/{name}
Get a UniqueEntity.
list GET /v1alpha/{parent}/uniqueEntities
Lists UniqueEntities.
patch PATCH /v1alpha/{uniqueEntity.name}
Update a UniqueEntity.

REST Resource: v1alpha.projects.locations.instances.users

Methods
clearConversationHistory POST /v1alpha/{name}:clearConversationHistory
ClearConversationHistory deletes all the user's data (messages and conversations) except of feedbacks.
getPreferenceSet GET /v1alpha/{name}
Endpoint for getting a user's PreferenceSet
updatePreferenceSet PATCH /v1alpha/{preferenceSet.name}
Endpoint for updating user data saved query

REST Resource: v1alpha.projects.locations.instances.users.conversations

Methods
create POST /v1alpha/{parent}/conversations
CreateConversation is used to create a new conversation.
delete DELETE /v1alpha/{name}
DeleteConversation is used to delete a conversation.
get GET /v1alpha/{name}
GetConversation is used to retrieve an existing conversation.
list GET /v1alpha/{parent}/conversations
ListConversations is used to retrieve existing conversations.
patch PATCH /v1alpha/{conversation.name}
UpdateConversation is used to update an existing conversation.

REST Resource: v1alpha.projects.locations.instances.users.conversations.messages

Methods
create POST /v1alpha/{parent}/messages
CreateMessage is used to create a new message in a conversation.
delete DELETE /v1alpha/{name}
DeleteMessage is used to delete a message.
get GET /v1alpha/{name}
GetMessage is used to retrieve a message.
list GET /v1alpha/{parent}/messages
ListMessages is used to retrieve existing messages for a conversation.
patch PATCH /v1alpha/{message.name}
UpdateMessage is used to update an existing message.

REST Resource: v1alpha.projects.locations.instances.users.searchQueries

Methods
create POST /v1alpha/{parent}/searchQueries
Endpoint for adding a new entry to the specified collection of user data
delete DELETE /v1alpha/{name}
Endpoint for deleting a user data saved query entry
get GET /v1alpha/{name}
Endpoint for getting a user's Saved query entry
list GET /v1alpha/{parent}/searchQueries
Endpoint for listing the user data saved queries owned by the specified user
patch PATCH /v1alpha/{searchQuery.name}
Endpoint for updating user data saved query

REST Resource: v1alpha.projects.locations.instances.watchlists

Methods
create POST /v1alpha/{parent}/watchlists
Creates a watchlist for the given instance.
delete DELETE /v1alpha/{name}
Deletes the watchlist for the given instance.
get GET /v1alpha/{name}
Gets watchlist details for the given watchlist ID.
list GET /v1alpha/{parent}/watchlists
Lists all watchlists for the given instance.
listEntities GET /v1alpha/{parent}:listEntities
Lists all entities for the given watchlist.
patch PATCH /v1alpha/{watchlist.name}
Updates the watchlist for the given instance.

REST Resource: v1alpha.projects.locations.instances.watchlists.entities

Methods
add POST /v1alpha/{parent}/entities:add
Adds an entity in watchlist.
batchAdd POST /v1alpha/{parent}/entities:batchAdd
Adds a batch of entities under watchlist.
batchRemove POST /v1alpha/{parent}/entities:batchRemove
Removes entities in batch in the given watchlist.
remove POST /v1alpha/{name}:remove
Removes the entity in the given watchlist.

REST Resource: v1alpha.projects.locations.instances.webhooks

Methods
create POST /v1alpha/{parent}/webhooks
Create a SOAR webhook configuration.
delete DELETE /v1alpha/{name}
Delete a webhook.
exportLogs POST /v1alpha/{name}:exportLogs
Exports logs for a given webhook.
get GET /v1alpha/{name}
Get a single webhook.
getLogs GET /v1alpha/{name}:getLogs
Get a log for a given webhook.
getStatistics GET /v1alpha/{name}:getStatistics
Get statistics for a given webhook.
ingest POST /v1alpha/{name}:ingest
Ingest data for a given webhook.
list GET /v1alpha/{parent}/webhooks
Lists existing SOAR webhooks.
patch PATCH /v1alpha/{webhook.name}
Update a webhook.
revokeUrl POST /v1alpha/{name}:revokeUrl
RevokeUrl revokes a previously registered webhook URL, invalidating it and preventing further access.

REST Resource: v1.projects.locations.instances

Methods
get GET /v1/{name}
Gets a Instance.

REST Resource: v1.projects.locations.instances.dataAccessLabels

Methods
create POST /v1/{parent}/dataAccessLabels
Creates a data access label.
delete DELETE /v1/{name}
Deletes a data access label.
get GET /v1/{name}
Gets a data access label.
list GET /v1/{parent}/dataAccessLabels
Lists all data access labels for the customer.
patch PATCH /v1/{dataAccessLabel.name}
Updates a data access label.

REST Resource: v1.projects.locations.instances.dataAccessScopes

Methods
create POST /v1/{parent}/dataAccessScopes
Creates a data access scope.
delete DELETE /v1/{name}
Deletes a data access scope.
get GET /v1/{name}
Retrieves an existing data access scope.
list GET /v1/{parent}/dataAccessScopes
Lists all existing data access scopes for the customer.
patch PATCH /v1/{dataAccessScope.name}
Updates a data access scope.

REST Resource: v1.projects.locations.instances.operations

Methods
cancel POST /v1/{name}:cancel
Starts asynchronous cancellation on a long-running operation.
delete DELETE /v1/{name}
Deletes a long-running operation.
get GET /v1/{name}
Gets the latest state of a long-running operation.
list GET /v1/{name}/operations
Lists operations that match the specified filter in the request.

REST Resource: v1.projects.locations.instances.referenceLists

Methods
create POST /v1/{parent}/referenceLists
Creates a new reference list.
get GET /v1/{name}
Gets a single reference list.
list GET /v1/{parent}/referenceLists
Lists a collection of reference lists.
patch PATCH /v1/{referenceList.name}
Updates an existing reference list.

REST Resource: v1.projects.locations.instances.rules

Methods
create POST /v1/{parent}/rules
Creates a new Rule.
delete DELETE /v1/{name}
Deletes a Rule.
get GET /v1/{name}
Gets a Rule.
getDeployment GET /v1/{name}
Gets a RuleDeployment.
list GET /v1/{parent}/rules
Lists Rules.
listRevisions GET /v1/{name}:listRevisions
Lists all revisions of the rule.
patch PATCH /v1/{rule.name}
Updates a Rule.
updateDeployment PATCH /v1/{ruleDeployment.name}
Updates a RuleDeployment.

REST Resource: v1.projects.locations.instances.rules.deployments

Methods
list GET /v1/{parent}/deployments
Lists RuleDeployments across all Rules.

REST Resource: v1.projects.locations.instances.rules.retrohunts

Methods
create POST /v1/{parent}/retrohunts
Create a Retrohunt.
get GET /v1/{name}
Get a Retrohunt.
list GET /v1/{parent}/retrohunts
List Retrohunts.

REST Resource: v1.projects.locations.instances.watchlists

Methods
create POST /v1/{parent}/watchlists
Creates a watchlist for the given instance.
delete DELETE /v1/{name}
Deletes the watchlist for the given instance.
get GET /v1/{name}
Gets watchlist details for the given watchlist ID.
list GET /v1/{parent}/watchlists
Lists all watchlists for the given instance.
patch PATCH /v1/{watchlist.name}
Updates the watchlist for the given instance.