BigQueryExport

JSON representation
BigQueryExportPackage
DataSourceExportSettings
- JSON representation
LatestExportJobState

This resource represents the BigQuery export configuration for a Chronicle instance which includes Google Cloud Platform resources like Cloud Storage buckets, BigQuery datasets etc and the export settings for each data source.

JSON representation

JSON representation
{ "name": string, "provisioned": boolean, "bigQueryExportPackage": enum (`BigQueryExportPackage`), "entityGraphSettings": { object (`DataSourceExportSettings`) }, "iocMatchesSettings": { object (`DataSourceExportSettings`) }, "ruleDetectionsSettings": { object (`DataSourceExportSettings`) }, "udmEventsAggregatesSettings": { object (`DataSourceExportSettings`) }, "udmEventsSettings": { object (`DataSourceExportSettings`) } }

{
  "name": string,
  "provisioned": boolean,
  "bigQueryExportPackage": enum (BigQueryExportPackage),
  "entityGraphSettings": {
    object (DataSourceExportSettings)
  },
  "iocMatchesSettings": {
    object (DataSourceExportSettings)
  },
  "ruleDetectionsSettings": {
    object (DataSourceExportSettings)
  },
  "udmEventsAggregatesSettings": {
    object (DataSourceExportSettings)
  },
  "udmEventsSettings": {
    object (DataSourceExportSettings)
  }
}

Fields
`name`	`string` Identifier. The resource name of the BigQueryExport. Format: projects/{project}/locations/{location}/instances/{instance}/bigQueryExport
`provisioned`	`boolean` Output only. Whether the BigQueryExport has been provisioned for the Chronicle instance.
`bigQueryExportPackage`	`enum (BigQueryExportPackage)` Output only. The BigQueryExportPackage entitled for the Chronicle instance.
`entityGraphSettings`	`object (DataSourceExportSettings)` Optional. The export settings for the Entity Graph data source.
`iocMatchesSettings`	`object (DataSourceExportSettings)` Optional. The export settings for the IOC Matches data source.
`ruleDetectionsSettings`	`object (DataSourceExportSettings)` Optional. The export settings for the Rule Detections data source.
`udmEventsAggregatesSettings`	`object (DataSourceExportSettings)` Optional. The export settings for the UDM Events Aggregates data source.
`udmEventsSettings`	`object (DataSourceExportSettings)` Optional. The export settings for the UDM Events data source.

BigQueryExportPackage

The BigQueryExportPackage entitled for the Chronicle instance.

Enums
`BIG_QUERY_EXPORT_PACKAGE_UNSPECIFIED`	The BigQueryExportPackage is unspecified.
`BIG_QUERY_EXPORT_PACKAGE_BYOBQ`	The BigQueryExportPackage is Bring Your Own BigQuery.
`BIG_QUERY_EXPORT_PACKAGE_ADVANCED`	The BigQueryExportPackage is Advanced BigQuery.

DataSourceExportSettings

The export settings for a data source.

JSON representation
{ "enabled": boolean, "retentionDays": integer, "latestExportJobState": enum (`LatestExportJobState`), "dataFreshnessTime": string, "dataVolume": string }

Fields
`enabled`	`boolean` Required. Whether the data source is enabled for export.
`retentionDays`	`integer` Required. The retention period for the data source in days.
`latestExportJobState`	`enum (LatestExportJobState)` Output only. The state of the latest data source export job.
`dataFreshnessTime`	`string (Timestamp format)` Output only. The data freshness of the given export which represents the time bucket at which the latest event was exported. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`dataVolume`	`string (int64 format)` Output only. The stored data volume of all the exports.

LatestExportJobState

The state of the latest data source export job.

Enums
`LATEST_EXPORT_JOB_STATE_UNSPECIFIED`	The latest export job state is unspecified.
`LATEST_EXPORT_JOB_STATE_SUCCESS`	The latest export job state is successful.
`LATEST_EXPORT_JOB_STATE_FAILED`	The latest export job state is failed.