- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- Try it!
Full name: projects.locations.instances.legacy.legacyGetEventForDetection
Legacy endpoint for getting event for curated detection.
HTTP request
Path parameters
| Parameters | |
|---|---|
instance |
Output only. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
| Parameters | |
|---|---|
detectionId |
Required. The unique ID of the curated detection. A base64-encoded string. |
pageSize |
Optional. Number of events to return per page. Default value is 1000 if the pageSize is not set in the request. |
nextPageToken |
Optional. Page token to support pagination. If no token is supplied, the first page of events will be returned. |
Request body
The request body must be empty.
Response body
GetEventForDetection response to get event for a curated detection.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{ "rationale": [ string ], "conclusion": enum ( |
| Fields | |
|---|---|
rationale[] |
Rationale behind prioritization of event. |
conclusion |
Concluded priority of an event. |
event[] |
Unified Data Model Event. |
entities[] |
List of Entity. |
detectionTime |
Detection time of detection. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.legacies.legacyGetEventForDetection
For more information, see the IAM documentation.