Method: legacy.legacySearchCuratedDetections

Full name: projects.locations.instances.legacy.legacySearchCuratedDetections

Legacy endpoint for searching detections for a Curated Rule.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchCuratedDetections

Path parameters

Parameters
instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
ruleId

string

Required. The specific Curated Rule ID to list detections for. Detections will be aggregated across all versions of the rule.

alertState

enum (AlertState)

An enum that filters which detections are returned by their AlertState.

startTime

string (Timestamp format)

The time to start searching detections from, inclusive.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

endTime

string (Timestamp format)

The time to stop searching detections at, exclusive.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

listBasis

enum (ListBasis)

Basis for determining whether to apply start_time and end_time filters for detection time or creation time of the detection.

pageSize

integer

The maximum number of detections to return. The service may return fewer than this value. If unspecified, at most 100 detections will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.

pageToken

string

A page token, received from a previous LegacySearchCuratedDetections call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to LegacySearchCuratedDetections must match the call that provided the page token.

maxRespSizeBytes

integer

Optional. The maximum size of response in bytes. If it is set to 0 (or is omitted), the server will not enforce any max response size limit.

includeNestedDetections

boolean

Optional. If true, include one level of nested detections in the response.

Request body

The request body must be empty.

Response body

LegacySearchCuratedDetections response message.

If successful, the response body contains data with the following structure:

JSON representation
{
  "curated_detections": [
    {
      object (Collection)
    }
  ],
  "nested_detection_samples": [
    {
      object (DetectionWithSamples)
    }
  ],
  "next_page_token": string,
  "resp_too_large_detections_truncated": boolean
}
Fields
curated_detections[]

object (Collection)

Either curated_detections or nested_detections will be populated, but not both. List of detections in Collection protos corresponding to the rule_id. Only returned if include_nested_detections is false or missing in the request.

nested_detection_samples[]

object (DetectionWithSamples)

Detections generated by the rule named by rule_id in the request, along with one level of nested detections. Only returned if include_nested_detections is true in the request.

next_page_token

string

A token that can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

resp_too_large_detections_truncated

boolean

This is related to the max_resp_size_bytes field in the request. If the original response size is larger than the max_resp_size_bytes, we will truncate detections so that the response size is smaller than max_resp_size_bytes, and this field will be set to true.
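The following is an added example, not Google's client code, showing how a caller would page through this endpoint: the filter parameters are held fixed across pages (only pageToken changes, as the page requires), pageSize is capped at 1000, and pages flagged with resp_too_large_detections_truncated are counted so the caller knows the result set is incomplete. The fetch callable, the instance path, the rule ID and the response pages are constructed stand-ins for an authenticated HTTP GET.

```python
from typing import Callable, Dict, List, Optional, Tuple

BASE_URL = "https://chronicle.googleapis.com/v1alpha"
MAX_PAGE_SIZE = 1000  # the service coerces larger pageSize values to this

def search_curated_detections(fetch: Callable[[str, dict], dict], instance: str,
                              rule_id: str, *, start_time: Optional[str] = None,
                              end_time: Optional[str] = None,
                              list_basis: str = "DETECTION_TIME", page_size: int = 100,
                              max_resp_size_bytes: int = 0) -> Tuple[List[dict], int]:
    """Walk all pages for one curated rule; return (detections, truncated_pages).
    Filter parameters stay fixed across pages; only pageToken changes."""
    url = f"{BASE_URL}/{instance}/legacy:legacySearchCuratedDetections"
    params: Dict[str, object] = {"ruleId": rule_id, "listBasis": list_basis,
                                 "pageSize": min(page_size, MAX_PAGE_SIZE),
                                 "maxRespSizeBytes": max_resp_size_bytes}
    if start_time:
        params["startTime"] = start_time  # RFC 3339, inclusive
    if end_time:
        params["endTime"] = end_time      # RFC 3339, exclusive
    detections: List[dict] = []
    truncated_pages = 0
    for _ in range(10_000):  # hard stop in case tokens never run out
        body = fetch(url, dict(params))
        detections.extend(body.get("curated_detections", []))
        if body.get("resp_too_large_detections_truncated"):
            truncated_pages += 1  # detections were dropped to honour maxRespSizeBytes
        token = body.get("next_page_token")
        if not token:
            break  # no token means no further pages
        params["pageToken"] = token
    return detections, truncated_pages

# Constructed fake transport standing in for an authenticated HTTP GET.
FAKE_PAGES = {
    None: {"curated_detections": [{"id": "d1"}, {"id": "d2"}],
           "next_page_token": "tok-2", "resp_too_large_detections_truncated": True},
    "tok-2": {"curated_detections": [{"id": "d3"}]},
}
CALLS: List[dict] = []  # records the query parameters of every request made

def fake_fetch(url: str, params: dict) -> dict:
    CALLS.append(params)
    return FAKE_PAGES[params.get("pageToken")]

def run_demo() -> Tuple[List[dict], int]:
    CALLS.clear()
    return search_curated_detections(fake_fetch, "projects/p/locations/us/instances/i",
                                     "constructed-rule-id", page_size=2,
                                     max_resp_size_bytes=4096)
```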

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.legacies.legacySearchCuratedDetections

For more information, see the IAM documentation.

ListBasis

Type of Timestamp to use for listing detections.

Enums
LIST_BASIS_UNSPECIFIED Unspecified list basis.
DETECTION_TIME List detections by detection time.
CREATED_TIME List detections by created time.