Optional. Time range in which we want to find detections.
pageSize
integer
Optional. The maximum number of detections to return. The maximum is 10000; any larger value is coerced to 10000.
pageToken
string
Optional. A page token, received from a previous SearchDetectionEventsForIoC call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to SearchDetectionEventsForIoC must match the call that provided the page token.
Request body
The request body must be empty.
Response body
Response message for a search of curated detections for an IoC.
If successful, the response body contains data with the following structure:
Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
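The timestamp format described above, as an added example (not part of the original reference or of any Google client library): a parser that accepts the three documented forms, normalizes them to UTC, and keeps full nanosecond precision so detection times can be ordered exactly. The function names are illustrative assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
NS = 1_000_000_000

# date "T" time, optional 1-9 fractional digits, then "Z" or a +hh:mm / -hh:mm offset
_RFC3339 = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2})[Tt](\d{2}):(\d{2}):(\d{2})"
    r"(?:\.(\d{1,9}))?(?:[Zz]|([+-])(\d{2}):(\d{2}))$"
)


def parse_rfc3339_ns(value):
    """Return (utc_datetime, epoch_nanoseconds) for an RFC 3339 timestamp.

    datetime holds only microseconds, so the exact nanosecond count is
    returned as an int for lossless ordering and de-duplication.
    """
    m = _RFC3339.match(value)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {value!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    nanos = int((m.group(7) or "").ljust(9, "0"))  # right-pad fraction to ns
    offset = timedelta(0)  # "Z" means UTC
    if m.group(8):
        sign = 1 if m.group(8) == "+" else -1
        offset = sign * timedelta(hours=int(m.group(9)), minutes=int(m.group(10)))
    # datetime() rejects impossible dates; subtracting the offset gives UTC.
    utc = (datetime(y, mo, d, h, mi, s) - offset).replace(tzinfo=timezone.utc)
    epoch_ns = ((utc - EPOCH) // timedelta(seconds=1)) * NS + nanos
    return utc.replace(microsecond=nanos // 1000), epoch_ns


def format_rfc3339_z(epoch_ns):
    """Render epoch nanoseconds Z-normalized with 0, 3, 6 or 9 fractional digits."""
    secs, nanos = divmod(epoch_ns, NS)
    base = (EPOCH + timedelta(seconds=secs)).strftime("%Y-%m-%dT%H:%M:%S")
    if nanos == 0:
        return base + "Z"
    frac = f"{nanos:09d}"
    for digits in (3, 6, 9):  # shortest width that loses no precision
        if frac[digits:].strip("0") == "":
            return f"{base}.{frac[:digits]}Z"
```

Comparing the returned `epoch_ns` integers rather than the raw strings avoids mis-ordering events that were logged with different offsets.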
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview (/docs/authentication#authorization-gcp).
IAM Permissions
Requires the following IAM (https://cloud.google.com/iam/docs) permission on the name resource:
chronicle.iocs.searchCuratedDetectionsForIoc
For more information, see the IAM documentation (https://cloud.google.com/iam/docs).
LegacyIocCuratedDetection
Describes the detections generated by curated rules.
The response includes a list of detections, artifact_indicator, and next_page_token, along with the LegacyIocCuratedDetection schema detailing each detection's priority, score, device action, asset details, log source, user ID, detection ID, and detection time.
Last updated 2025-08-25 UTC.