REST Resource: projects.locations.instances.caseTagDefinitions

Resource: CaseTagDefinition
- JSON representation
MatchCriteria
CompareType
Methods

Resource: CaseTagDefinition

This service is available for customers who migrated SOAR to a customer managed project and have the Chronicle API enabled. Tags are assigned to cases by Google Security Operations based on predefined rules and can be used to classify cases or find specific cases faster. Note that you can manually add tags to a case from the Cases page. These tags can be removed from the case, but NOT removed entirely from the system.

JSON representation

JSON representation
{ "name": string, "displayName": string, "matchCriteria": enum (`MatchCriteria`), "value": string, "propertyName": string, "comparisonType": enum (`CompareType`), "priority": integer, "canBeCaseTitle": boolean }

{
  "name": string,
  "displayName": string,
  "matchCriteria": enum (MatchCriteria),
  "value": string,
  "propertyName": string,
  "comparisonType": enum (CompareType),
  "priority": integer,
  "canBeCaseTitle": boolean
}

Fields
`name`	`string` Identifier. The unique name(ID) of the CaseTagDefinition. Format: projects/{project}/locations/{location}/instances/{instance}/caseTagDefinitions/{caseTagDefinition}
`displayName`	`string` Required. This is the name of the tag that will be applied to the case.
`matchCriteria`	`enum (MatchCriteria)` Required. Classify cases based on a criteria.
`value`	`string` Required. Specific value to search in case - in addition to SearchIn property.
`propertyName`	`string` Optional. Specific Entity property name to search in case. this is relevant only when a SearchIn of type BY_ENTITY_PROPERTY_NAME was chosen.
`comparisonType`	`enum (CompareType)` Required. The type of comparison to be used when comparing the value to the case. This is relevant only when a SearchIn of type BY_ENTITY_PROPERTY_NAME was chosen.
`priority`	`integer` Required. Note that Google Security Operations merges priority with other alerts and entities and events so that the priority here is not absolute.
`canBeCaseTitle`	`boolean` Required. When checked, the tag will be assigned as the title of the case if it meets the conditions. default is false.

MatchCriteria

The criteria to match the case against.

Enums
`MATCH_CRITERIA_UNSPECIFIED`	Unspecified match criteria.
`BY_VENDOR`	e.g. Palo alto.
`BY_PRODUCT`	e.g. IPS, EDR.
`BY_RULE_GENERATOR`	e.g. Data exfiltration.
`BY_ENTITY_PROPERTY_NAME`	e.g. by one of the unique entities.
`DATA_DRIVEN`	e.g. data driven tags.
`SYSTEM`	e.g. system tags.

CompareType

The type of comparison to be used when comparing the value to the case.

Enums
`COMPARE_TYPE_UNSPECIFIED`	Unspecified compare type.
`EXACT`	Exact match.
`START_WITH`	Starts with.
`CONTAIN`	Contains.
`ENDS_WITH`	Ends with.

Methods
`create`	Create a CaseTagDefinition.
`delete`	Delete a CaseTagDefinition.
`get`	Get a CaseTagDefinition.
`import`	Import CaseTagDefinitions.
`list`	Lists CaseTagDefinitions.
`patch`	Update a CaseTagDefinition.

REST Resource: projects.locations.instances.caseTagDefinitions

Resource: CaseTagDefinition

MatchCriteria

CompareType

Methods

`create`

`delete`

`get`

`import`

`list`

`patch`

REST Resource: projects.locations.instances.caseTagDefinitions Stay organized with collections Save and categorize content based on your preferences.

Resource: CaseTagDefinition

MatchCriteria

CompareType

Methods

create

delete

get

import

list

patch

REST Resource: projects.locations.instances.caseTagDefinitions

`create`

`delete`

`get`

`import`

`list`

`patch`