BigQueryExport

This resource represents the BigQuery export configuration for a Chronicle instance. It includes the Google Cloud Platform resources involved, such as Cloud Storage buckets and BigQuery datasets, and the export settings for each data source.

JSON representation
{
  "name": string,
  "provisioned": boolean,
  "big_query_export_package": enum (BigQueryExportPackage),
  "entity_graph_settings": {
    object (DataSourceExportSettings)
  },
  "ioc_matches_settings": {
    object (DataSourceExportSettings)
  },
  "rule_detections_settings": {
    object (DataSourceExportSettings)
  },
  "udm_events_aggregates_settings": {
    object (DataSourceExportSettings)
  },
  "udm_events_settings": {
    object (DataSourceExportSettings)
  }
}
Fields
name

string

Identifier. The resource name of the BigQueryExport. Format: projects/{project}/locations/{location}/instances/{instance}/bigQueryExport

provisioned

boolean

Output only. Whether the BigQueryExport has been provisioned for the Chronicle instance.

big_query_export_package

enum (BigQueryExportPackage)

Output only. The BigQueryExportPackage that the Chronicle instance is entitled to.

entity_graph_settings

object (DataSourceExportSettings)

Optional. The export settings for the Entity Graph data source.

ioc_matches_settings

object (DataSourceExportSettings)

Optional. The export settings for the IOC Matches data source.

rule_detections_settings

object (DataSourceExportSettings)

Optional. The export settings for the Rule Detections data source.

udm_events_aggregates_settings

object (DataSourceExportSettings)

Optional. The export settings for the UDM Events Aggregates data source.

udm_events_settings

object (DataSourceExportSettings)

Optional. The export settings for the UDM Events data source.

BigQueryExportPackage

The BigQueryExportPackage that the Chronicle instance is entitled to.

Enums
BIG_QUERY_EXPORT_PACKAGE_UNSPECIFIED The BigQueryExportPackage is unspecified.
BIG_QUERY_EXPORT_PACKAGE_BYOBQ The BigQueryExportPackage is Bring Your Own BigQuery.
BIG_QUERY_EXPORT_PACKAGE_ADVANCED The BigQueryExportPackage is Advanced BigQuery.

DataSourceExportSettings

The export settings for a data source.

JSON representation
{
  "enabled": boolean,
  "retention_days": integer,
  "latest_export_job_state": enum (LatestExportJobState),
  "data_freshness_time": string,
  "data_volume": string
}
Fields
enabled

boolean

Required. Whether the data source is enabled for export.

retention_days

integer

Required. The retention period for the data source in days.

latest_export_job_state

enum (LatestExportJobState)

Output only. The state of the latest data source export job.

data_freshness_time

string (Timestamp format)

Output only. The data freshness of the given export, which represents the time bucket at which the latest event was exported.

Uses RFC 3339. Generated output is always Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

data_volume

string (int64 format)

Output only. The stored data volume of all the exports.

LatestExportJobState

The state of the latest data source export job.

Enums
LATEST_EXPORT_JOB_STATE_UNSPECIFIED The latest export job state is unspecified.
LATEST_EXPORT_JOB_STATE_SUCCESS The latest export job state is successful.
LATEST_EXPORT_JOB_STATE_FAILED The latest export job state is failed.
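
An added example (not part of the original reference and not Google's code): a Python health check over one BigQueryExport resource that flags enabled data sources whose latest export job failed or whose data_freshness_time is older than a threshold, parsing the RFC 3339 forms listed above. The function names, the 24-hour `max_lag` default and the sample resource values are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

SETTINGS_FIELDS = ("entity_graph_settings", "ioc_matches_settings", "rule_detections_settings",
                   "udm_events_aggregates_settings", "udm_events_settings")
_RFC3339 = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?(Z|[+-]\d{2}:\d{2})$")

def parse_rfc3339(value):
    """Parse RFC 3339 with 0-9 fractional digits; nanoseconds are truncated to microseconds."""
    m = _RFC3339.match(value)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {value!r}")
    base, frac, zone = m.groups()
    sign = -1 if zone[0] == "-" else 1
    hh, mm = (0, 0) if zone == "Z" else (int(zone[1:3]), int(zone[4:6]))
    tz = timezone(sign * timedelta(hours=hh, minutes=mm))
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=tz)
    return dt.replace(microsecond=int((frac or "").ljust(6, "0")[:6])).astimezone(timezone.utc)

def check_export(resource, now, max_lag=timedelta(hours=24)):
    """Return (field, problem) findings for one BigQueryExport resource dict."""
    findings = []
    if not resource.get("provisioned"):
        findings.append(("bigQueryExport", "not provisioned"))
    for field in SETTINGS_FIELDS:
        s = resource.get(field) or {}
        if not s.get("enabled"):
            continue  # settings are optional; absent or disabled sources are skipped
        if s.get("latest_export_job_state") == "LATEST_EXPORT_JOB_STATE_FAILED":
            findings.append((field, "latest export job failed"))
        fresh = s.get("data_freshness_time")
        if fresh is None:
            findings.append((field, "no data_freshness_time reported"))
        elif now - parse_rfc3339(fresh) > max_lag:  # max_lag is an assumed threshold
            findings.append((field, "export is stale"))
    return findings

SAMPLE = {  # constructed sample resource; names and values are placeholders
    "name": "projects/example-project/locations/us/instances/example-instance/bigQueryExport",
    "provisioned": True, "big_query_export_package": "BIG_QUERY_EXPORT_PACKAGE_BYOBQ",
    "udm_events_settings": {"enabled": True, "retention_days": 180,
                            "latest_export_job_state": "LATEST_EXPORT_JOB_STATE_SUCCESS",
                            "data_freshness_time": "2024-05-01T11:00:00.045123456Z"},
    "rule_detections_settings": {"enabled": True, "retention_days": 180,
                                 "latest_export_job_state": "LATEST_EXPORT_JOB_STATE_FAILED",
                                 "data_freshness_time": "2024-04-28T09:30:00+05:30"},
    "ioc_matches_settings": {"enabled": False, "retention_days": 30},
}
```

Call `check_export(resource, datetime.now(timezone.utc))` on the parsed JSON of the resource; an empty list means every enabled data source reported a non-failed job and fresh data.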