REST Resource: projects.locations.instances

Resource: Instance

An Instance represents an instantiation of the Instance product.

JSON representation
{
  "name": string,
  "state": enum (State),
  "purge_time": string,
  "delete_time": string,
  "wipeout_status": enum (WipeoutState),
  "display_name": string,
  "secops_urls": [
    string
  ],
  "customer_code": string
}
Fields
name

string

Output only. The resource name of this instance. Format: projects/{project}/locations/{location}/instances/{instance}

state

enum (State)

Output only. The state of the instance.

purge_time

string (Timestamp format)

Output only. The earliest time that soft-deleted tenants will be permanently deleted and will no longer be able to be undeleted.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

delete_time

string (Timestamp format)

Output only. The time at which the instance was soft-deleted.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

wipeout_status

enum (WipeoutState)

Output only. The wipeout status of the instance.

display_name

string

Output only. The display name of the instance.

secops_urls[]

string

Output only. URL of the SecOps instance for the instance. https://.backstory.chronicle.security

customer_code

string

Output only. An acronym related to the company name.

State

The state of the instance.

Enums
STATE_UNSPECIFIED The default value.
ACTIVE The instance is active.
SOFT_DELETED The instance is soft-deleted.
SOFT_DELETE_INITIATED The instance is in the process of being soft-deleted.
UNDELETE_INITIATED The instance is in the process of being undeleted.

WipeoutState

The wipeout status of the instance.

Enums
WIPEOUT_STATE_UNSPECIFIED The default value.
DELETE_REQUESTED The instance has requested deletion.
SOFT_DELETE_IN_PROGRESS The instance is in the process of being soft-deleted.
SOFT_DELETE_COMPLETED The instance has been soft-deleted.
UNDELETE_REQUESTED The instance has requested undeletion.
DATA_DELETION_IN_PROGRESS The instance is in the process of being data deleted.
ERROR The instance has an error during wipeout.
WIPED_OUT The instance has been wiped out.
UNDELETE_COMPLETED The instance has been undeleted.
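
The fields above are enough to work out how long a soft-deleted instance can still be undeleted. The following is an added example, not part of the API reference or Google's client code: it checks the documented resource name format, parses the RFC 3339 timestamps (including 9 fractional digits and non-Z offsets), and returns the time left before purge_time. The function names and the sample instance values are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Resource name format given in the "name" field description.
NAME_RE = re.compile(r"projects/[^/]+/locations/[^/]+/instances/[^/]+")
# RFC 3339 with 0-9 fractional digits and either "Z" or a numeric offset.
TS_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2})T(\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?(Z|[+-]\d{2}:\d{2})"
)

# Constructed sample; project, location, instance id and times are placeholders.
SAMPLE = {
    "name": "projects/example-project/locations/us/instances/00000000-0000-0000-0000-000000000000",
    "state": "SOFT_DELETED",
    "delete_time": "2014-10-02T15:01:23Z",
    "purge_time": "2014-11-01T15:01:23.045123456+05:30",
    "wipeout_status": "SOFT_DELETE_COMPLETED",
}

def parse_ts(value):
    """Parse an RFC 3339 timestamp; nanoseconds are truncated to microseconds."""
    m = TS_RE.fullmatch(value)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {value!r}")
    date, clock, frac, offset = m.groups()
    micros = int((frac or "").ljust(6, "0")[:6])
    if offset == "Z":
        tz = timezone.utc
    else:
        sign = 1 if offset[0] == "+" else -1
        tz = timezone(sign * timedelta(hours=int(offset[1:3]), minutes=int(offset[4:6])))
    base = datetime.strptime(f"{date}T{clock}", "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micros, tzinfo=tz)

def undelete_window(instance, now):
    """Time left before purge_time for a soft-deleted instance, else None.
    `now` must be timezone-aware. Assumes purge_time may be absent."""
    if not NAME_RE.fullmatch(instance.get("name", "")):
        raise ValueError("unexpected resource name format")
    if instance.get("state") not in ("SOFT_DELETED", "SOFT_DELETE_INITIATED"):
        return None
    purge = instance.get("purge_time")
    if not purge:
        return None
    return max(parse_ts(purge) - now, timedelta(0))
```

Because purge_time is the earliest time permanent deletion can happen, the returned value is the guaranteed minimum window, not a prediction of when deletion will occur.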

Methods

batchValidateWatchlistEntities

Validates a batch of entities that could be added into watchlist under an instance.

computeAllFindingsRefinementActivities

Returns findings refinement activity for all findings refinements.

countAllCuratedRuleSetDetections

Count detections across all curated rule sets.

createFeedback

RPC to submit user feedback on content generated by AI services.

delete

DeleteInstance deletes an Instance.

extractSyslog

ExtractSyslog extracts the structured part of a log from an unstructured log by running a grok regex over it.

fetchFederationAccess

FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances.

findEntity

Identifies the entity type and retrieves relevant data associated with a specified indicator.

findEntityAlerts

Gets alerts for an entity.

findRelatedEntities

Finds all the entities associated with provided entity.

findUdmFieldValues

Finds ingested UDM field values that match a query.

generateCollectionAgentAuth

GenerateCollectionAgentAuth generates an auth JSON file for the collection agent.

generateSoarAuthJwt

GenerateSoarAuthJwt signs a JWT in order to proceed with JWT-exchange-based authentication with SOAR.

generateUdmKeyValueMappings

GenerateUDMKeyValueMappings generates key value mapping of a raw log.

generateWorkspaceConnectionToken

Generates a token that can be used to connect a workspace customer to a Chronicle instance.

get

Gets an Instance.

getBigQueryExport

Get the BigQuery export configuration for a Chronicle instance.

getMultitenantDirectory

Gets the super and subtenants and gets the current tenant name.

getRiskConfig

Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score.

listAllFindingsRefinementDeployments

Lists all findings refinement deployments.

queryProductSourceStats

Gets available product sources along with their stats.

report

Generate a report summarizing this Chronicle instance.

searchEntities

Identifies the entity type and retrieves relevant data associated with a specified indicator.

searchRawLogs

API to get events, entities, or unparsed raw logs matching the given raw log query.

summarizeEntitiesFromQuery

Parses the query and identifies the entities contained within the search query.

summarizeEntity

Returns all entity data over specified time.

testFindingsRefinement

Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created.

translateUdmQuery

Translate natural language to a UDM Search query.

translateYlRule

Translate natural language to a YARA-L rule.

udmSearch

Performs a UDM search that returns matching events for the query.

undelete

UndeleteInstance undeletes a soft-deleted Instance.

updateBigQueryExport

Update the BigQuery export configuration for a Chronicle instance.

updateRiskConfig

Updates RiskConfig used for the computation of Entity Risk Score.

validateQuery

Validates UDM search query by compiling the query.

verifyReferenceList

VerifyReferenceList validates list content and returns line errors, if any.

verifyRuleText

Verifies the given rule text.