Method: iocs.find

Full name: projects.locations.instances.iocs.find

Gets a list of Iocs given a list of parameters that uniquely identify them.

HTTP request


Path parameters

Parameters
parent

string

Required. The parent, which is the SecOps instance. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{
  "fieldAndValue": [
    {
      object (FieldAndValue)
    }
  ]
}
Fields
fieldAndValue[]

object (FieldAndValue)

Required. Parameters to identify the IOCs. Each item should uniquely identify one Ioc record. Only valueType is supported, and only the following ValueType options:

  • HASH_MD5
  • HASH_SHA1
  • HASH_SHA256
  • DOMAIN_NAME
  • RESOLVED_IP_ADDRESS

Response body

The response to an iocs.find request.

If successful, the response body contains data with the following structure:

JSON representation
{
  "iocs": [
    {
      object (Ioc)
    }
  ]
}
Fields
iocs[]

object (Ioc)

The Iocs that match the request. Note that this returns a maximum of 1000 IOCs, in the order requested.
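An added example, not part of the original reference or of Google's code: it classifies raw indicators into the supported ValueType options, drops duplicates so each item identifies one Ioc record, and splits the result into request bodies of at most 1000 items so that no response is truncated by the 1000-IOC cap. The `value` field name inside each item is an assumption, because the FieldAndValue object is not defined on this page, and the domain pattern is a simplified ASCII hostname check.

```python
import ipaddress
import re

# ValueType options the page lists as supported, keyed by hex digest length.
HASH_TYPES = {32: "HASH_MD5", 40: "HASH_SHA1", 64: "HASH_SHA256"}
MAX_IOCS = 1000  # response cap stated on the page
PARENT_RE = re.compile(r"projects/[^/]+/locations/[^/]+/instances/[^/]+")
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def classify(indicator):
    """Return the supported ValueType for an indicator, or None."""
    text = indicator.strip().lower()
    if len(text) in HASH_TYPES and re.fullmatch(r"[0-9a-f]+", text):
        return HASH_TYPES[len(text)]
    try:
        ipaddress.ip_address(text)
        return "RESOLVED_IP_ADDRESS"
    except ValueError:
        return "DOMAIN_NAME" if DOMAIN_RE.fullmatch(text) else None


def build_find_bodies(parent, indicators):
    """Return (bodies, rejected); each body holds at most MAX_IOCS items."""
    if not PARENT_RE.fullmatch(parent):
        raise ValueError("parent does not match the documented format")
    items, rejected, seen = [], [], set()
    for raw in indicators:
        value_type = classify(raw)
        key = (value_type, raw.strip().lower())
        if value_type is None:
            rejected.append(raw)
        elif key not in seen:  # each item should identify one Ioc record
            seen.add(key)
            # "value" is an assumed field name: FieldAndValue is not defined here.
            items.append({"valueType": value_type, "value": raw.strip()})
    bodies = [{"fieldAndValue": items[i:i + MAX_IOCS]}
              for i in range(0, len(items), MAX_IOCS)]
    return bodies, rejected


if __name__ == "__main__":
    # Constructed sample input, not real indicators.
    sample = ["A" * 32, "example.test", "192.0.2.10", "a" * 32, "not an ioc"]
    bodies, rejected = build_find_bodies(
        "projects/p/locations/us/instances/i", sample)
    print(bodies, rejected)
```

Because the response lists IOCs in the order requested, keeping the per-body item order lets a caller line results up against the indicators it submitted.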

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.iocs.findIocs

For more information, see the IAM documentation.