Method: iocAssociations.fetchRelated

Full name: projects.locations.instances.iocAssociations.fetchRelated

List related Associations (Threat Actors or Malware Families) for a given threat resource.

HTTP request


Path parameters

Parameters
parent

string

Required. The parent resource of the Associations (Threat Actors or Malware Families). Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
associationType

enum (AssociationType)

Required. The type (Threat Actor or Malware Family) of related Associations to return.
pageSize

integer

Optional. The maximum number of Associations (Threat Actors or Malware Families) to return. The default is 10, and the maximum value is 40.
pageToken

string

Optional. A page token, received from a previous iocAssociations.fetchRelated call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to iocAssociations.fetchRelated must match the call that provided the page token.
orderBy

string

Optional. The order to sort the returned Associations by. Default is descending last_modification_date. The supported order syntax matches the fields defined in the GTI API docs here: https://gtidocs.virustotal.com/reference/list-threats#allowed-orders

Supported orders: - name: sorts objects alphabetically by name, ascending + or descending -. Name in this context refers to the threatDisplayName for an Association. - last_modification_date: sorts objects descending - by most recently modified objects first, or ascending + by firstly modified objects first. This refers to the lastReferenceTime field for an Association.
Union parameter threat_resource. The threat resource to get the related associations (Threat Actors or Malware Families) for. threat_resource can be only one of the following:
iocAssociation

string

Optional. The name of the IocAssociation resource (Threat Actor or Malware Family) to get the related associations (Threat Actors or Malware Families) for. Format: projects/{project}/locations/{location}/instances/{instance}/iocAssociations/{iocAssociation}
ioc

string

Optional. The name of the ioc resource to get the related associations (Threat Actors or Malware Families) for. Format: projects/{project}/locations/{location}/instances/{instance}/iocs/{ioc}
threatCollection

string

Optional. The name of the ThreatCollection resource (GTI Campaign or Report) to get the related associations (Threat Actors or Malware Families) for. Format: projects/{project}/locations/{location}/instances/{instance}/threatCollections/{threatCollection}

Request body

The request body must be empty.

Response body

Response containing a list of related associations (Threat Actors or Malware Families) for a given threat resource.

If successful, the response body contains data with the following structure:

JSON representation 
{
  "iocAssociations": [
    {
      object (IocAssociation)
    }
  ],
  "nextPageToken": string,
  "totalSize": integer
}
Fields
iocAssociations[]

object (IocAssociation)

Output only. The list of related associations (Threat Actors or Malware Families).
nextPageToken

string

Output only. A token that can be sent as pageToken to retrieve the next page. If this field is omitted, there are no subsequent pages.
totalSize

integer

Output only. The total number of associations (Threat Actors or Malware Families) that match the request. The count of iocAssociations returned by pagination may be less than the totalSize that matches.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.iocAssociations.fetchRelated

For more information, see the IAM documentation.