REST Resource: projects.locations.instances.alertGroupingRules

Resource: AlertGroupingRule

This service is available for customers who migrated SOAR to a customer-managed project and have the Chronicle API enabled. AlertGroupingRule: a Chronicle Alert Grouping Rule. Types of AlertGroupingRules: general, case-specific.

JSON representation
{
  "name": string,
  "entityType": [
    string
  ],
  "categoryDetails": [
    {
      object (CategoryDetail)
    }
  ],
  "category": enum (AlertGroupingCategory),
  "groupingType": enum (AlertGroupingType)
}
Fields
name

string

Identifier. The resource name of the AlertGroupingRule. Format: projects/{project}/locations/{location}/instances/{instance}/alertGroupingRules/{alertGroupingRule}

entityType[]

string

Required. The entity types this AlertGroupingRule is associated with.

categoryDetails[]

object (CategoryDetail)

Required. Defines the AlertGroupingRule category details list.

category

enum (AlertGroupingCategory)

Required. The category of the new stage to create.

groupingType

enum (AlertGroupingType)

Required. Defines the AlertGroupingRule groupingType in the lifetime of a case.

AlertGroupingCategory

The category of the new stage to create.

Enums
ALL All categories.
ALERT_TYPE Alert type.
PRODUCT_NAME Product name.
DATA_SOURCE Data source.

AlertGroupingType

Defines the AlertGroupingRule groupingType in the lifetime of a case.

Enums
ENTITIES Entities.
SOURCE_GROUPING_IDENTIFIER Source grouping identifier.
NONE None.

CategoryDetail

Represents details of a category within an AlertGroupingRule.

JSON representation
{
  "identifier": string,
  "displayName": string
}
Fields
identifier

string

Required. Unique identifier for the category detail.

displayName

string

Required. Human-readable name for the category detail.
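The schema above (the required fields, the two enums and the resource-name format) is easy to get wrong when a request body is assembled by hand, and a malformed rule is only rejected once it reaches the API. The following Python is an added example, not code from this page, from the Chronicle API or from its client libraries; it checks a candidate AlertGroupingRule body against the fields documented here before it is sent. The project, location, instance, rule id and the entityType value in the sample are constructed, the treatment of name as optional on a create body is an assumption, and reading "Unique identifier" as unique within one rule's categoryDetails list is an interpretation of the page's wording.

```python
import re

# Enum values exactly as listed on the reference page (comparison is case-sensitive).
ALERT_GROUPING_CATEGORIES = frozenset({"ALL", "ALERT_TYPE", "PRODUCT_NAME", "DATA_SOURCE"})
ALERT_GROUPING_TYPES = frozenset({"ENTITIES", "SOURCE_GROUPING_IDENTIFIER", "NONE"})

# Resource name format from the page:
# projects/{project}/locations/{location}/instances/{instance}/alertGroupingRules/{alertGroupingRule}
RESOURCE_NAME_RE = re.compile(
    r"^projects/[^/]+/locations/[^/]+/instances/[^/]+/alertGroupingRules/[^/]+$"
)


def build_rule_name(project, location, instance, rule_id):
    """Assemble a resource name in the documented format; every component must be non-empty and slash-free."""
    parts = {"project": project, "location": location, "instance": instance, "alertGroupingRule": rule_id}
    for label, value in parts.items():
        if not isinstance(value, str) or not value or "/" in value:
            raise ValueError(f"{label} must be a non-empty string without '/'")
    return f"projects/{project}/locations/{location}/instances/{instance}/alertGroupingRules/{rule_id}"


def _require_string(obj, key, path, errors):
    value = obj.get(key)
    if not isinstance(value, str) or not value:
        errors.append(f"{path}.{key}: required non-empty string")


def validate_category_detail(detail, path):
    """A CategoryDetail needs both 'identifier' and 'displayName' as non-empty strings."""
    if not isinstance(detail, dict):
        return [f"{path}: must be an object"]
    errors = []
    _require_string(detail, "identifier", path, errors)
    _require_string(detail, "displayName", path, errors)
    return errors


def validate_alert_grouping_rule(rule):
    """Return a list of problems; an empty list means the body matches the documented schema."""
    if not isinstance(rule, dict):
        return ["rule: must be an object"]
    errors = []

    # 'name' is the identifier. Assumption: a create body may omit it, so it is only
    # format-checked when present.
    name = rule.get("name")
    if name is not None and not (isinstance(name, str) and RESOURCE_NAME_RE.match(name)):
        errors.append("name: does not match the projects/.../alertGroupingRules/... format")

    # entityType[]: required, at least one non-empty string.
    entity_type = rule.get("entityType")
    if (not isinstance(entity_type, list) or not entity_type
            or not all(isinstance(e, str) and e for e in entity_type)):
        errors.append("entityType: required non-empty list of strings")

    # categoryDetails[]: required, at least one CategoryDetail.
    # Assumption: 'identifier' must be unique within this rule's own list.
    details = rule.get("categoryDetails")
    if not isinstance(details, list) or not details:
        errors.append("categoryDetails: required non-empty list")
    else:
        seen = set()
        for i, detail in enumerate(details):
            path = f"categoryDetails[{i}]"
            errors.extend(validate_category_detail(detail, path))
            ident = detail.get("identifier") if isinstance(detail, dict) else None
            if isinstance(ident, str) and ident:
                if ident in seen:
                    errors.append(f"{path}.identifier: duplicate identifier {ident!r}")
                seen.add(ident)

    # Enum-typed fields must carry one of the documented values.
    category = rule.get("category")
    if not isinstance(category, str) or category not in ALERT_GROUPING_CATEGORIES:
        errors.append(f"category: {category!r} is not one of {sorted(ALERT_GROUPING_CATEGORIES)}")
    grouping_type = rule.get("groupingType")
    if not isinstance(grouping_type, str) or grouping_type not in ALERT_GROUPING_TYPES:
        errors.append(f"groupingType: {grouping_type!r} is not one of {sorted(ALERT_GROUPING_TYPES)}")
    return errors


# Constructed sample body: project, location, instance, rule id and the entityType value are made up.
SAMPLE_RULE = {
    "name": build_rule_name("example-project", "us", "example-instance", "rule-1"),
    "entityType": ["HOSTNAME"],
    "categoryDetails": [{"identifier": "edr-alerts", "displayName": "EDR alerts"}],
    "category": "PRODUCT_NAME",
    "groupingType": "ENTITIES",
}

if __name__ == "__main__":
    for line in validate_alert_grouping_rule(SAMPLE_RULE) or ["sample rule is valid"]:
        print(line)
```

Running the check before a create or patch call turns a server-side rejection into a local, field-addressed error list; the enum comparison is deliberately case-sensitive because the documented values are upper-case constants, so a body carrying "alert_type" is reported rather than silently accepted.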

Methods

create

Create an AlertGroupingRule.

delete

Delete an AlertGroupingRule.

get

Get an AlertGroupingRule.

list

List a page of AlertGroupingRules.

patch

Update an AlertGroupingRule.