Console

Method: iocs.find

HTTP request
Path parameters
Request body
- JSON representation
Response body
- JSON representation
Authorization scopes
IAM Permissions
Try it!

Full name: projects.locations.instances.iocs.find

Gets a list of Iocs given a list of parameters that uniquely identify them.

HTTP request

Choose a location:

Path parameters

Parameters

Parameters
`parent`	`string` Required. The parent, which is the SecOps instance. Format: projects/{project}/locations/{location}/instances/{instance}

parent

string

Required. The parent, which is the SecOps instance. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{ "fieldAndValue": [ { object (`FieldAndValue`) } ] }

Fields

Fields
`fieldAndValue[]`	`object (FieldAndValue)` Required. Parameters to identify the IOCs. Each item should uniquely identify one Ioc record. Only `valueType` is supported, and only the following ValueType options: - HASH_MD5 - HASH_SHA1 - HASH_SHA256 - DOMAIN_NAME - RESOLVED_IP_ADDRESS

fieldAndValue[]

object (FieldAndValue)

Required. Parameters to identify the IOCs. Each item should uniquely identify one Ioc record. Only valueType is supported, and only the following ValueType options: - HASH_MD5 - HASH_SHA1 - HASH_SHA256 - DOMAIN_NAME - RESOLVED_IP_ADDRESS

Response body

The response to a iocs.find request.

If successful, the response body contains data with the following structure:

JSON representation
{ "iocs": [ { object (`Ioc`) } ] }

Fields

Fields
`iocs[]`	`object (Ioc)` The Iocs that match the request. Note this returns a max of 1000 IOCs, in the order requested.

iocs[]

object (Ioc)

The Iocs that match the request. Note this returns a max of 1000 IOCs, in the order requested.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

chronicle.iocs.findIocs

For more information, see the IAM documentation.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-09-22 UTC.