Method: iocAssociations.fetchRelatedThreatCollections

Full name: projects.locations.instances.iocAssociations.fetchRelatedThreatCollections

List related threat collections for an IocAssociation.

HTTP request


Path parameters

Parameters
name

string

Required. The name of the ioc association resource to get the threat collections for. Format: projects/{project}/locations/{location}/instances/{instance}/iocAssociations/{iocAssociation}

Query parameters

Parameters
threatCollectionType

enum (ThreatCollectionType)

Required. The type of related threat collections to get.
pageSize

integer

Optional. The maximum number of threat collections to return. The default is 10, and the maximum value is 40.
pageToken

string

Optional. A page token, received from a previous iocAssociations.fetchRelatedThreatCollections call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to iocAssociations.fetchRelatedThreatCollections must match the call that provided the page token.
filter

string

Optional. A filter that can be used to retrieve specific threat collections. Supported filters: - Text without modifiers: Collection's name, description or tag. - creation_date: Collection's creation date. - description: Collection's description. You can search for word or expressions (full-text search). - name: Collection's name. - owner: Collection's owner. - source_region: Collections's source region. You can use ISO 3166-1 alpha-2 country codes, the ISO or the full country name. - tag: Collection's tag. - targeted_industry: Collections's targeted industry. - targeted_region: Collections's targeted region. Same use as source_region. - threat_category: Collection's threat category.
orderBy

string

Optional. The order to sort the returned threat collections by. Default is descending last_modification_date. The supported order syntax matches the fields defined in the GTI API docs here: https://gtidocs.virustotal.com/reference/list-threats#allowed-orders

Supported orders: - name: sorts objects alphabetically by name, ascending + or descending -. Name in this context refers to the displayName for a threat collection. -creation_date: sorts objects descending - (default) by most recently created objects first, or ascending + by oldest created objects first. This refers to the createTime field for a threat collection. - last_modification_date: sorts objects descending - by most recently modified objects first, or ascending + by firstly modified objects first. This refers to the updateTime field for a threat collection.

Request body

The request body must be empty.

Response body

Response containing a list of threat collections for an IocAssociation. This is a legacy message soon to be deprecated to migrate to the ThreatCollectionService.

If successful, the response body contains data with the following structure:

JSON representation 
{
  "threatCollections": [
    {
      object (ThreatCollection)
    }
  ],
  "nextPageToken": string,
  "totalSize": integer
}
Fields
threatCollections[]

object (ThreatCollection)

Output only. The list of ThreatCollections.
nextPageToken

string

Output only. A token that can be sent as pageToken to retrieve the next page. If this field is omitted, there are no subsequent pages.
totalSize

integer

Output only. The total number of ThreatCollections that match the request. The count of threatCollections returned by pagination may be less than the totalSize that matches.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

  • chronicle.iocAssociations.fetchRelatedThreatCollections

For more information, see the IAM documentation.