Full name: projects.locations.instances.legacy.legacySearchCuratedDetections
Legacy endpoint for searching detections for a Curated Rule.
HTTP request
Path parameters
Parameters | |
---|---|
instance | Required. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
Parameters | |
---|---|
ruleId | Required. The specific Curated Rule ID to list detections for. Detections will be aggregated across all versions of the rule. |
alertState | An enum that filters which detections are returned by their AlertState. |
startTime | The time to start searching detections from, inclusive. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
endTime | The time to end searching detections at, exclusive. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
listBasis | Basis for determining whether the startTime and endTime filters apply to the detection time or the creation time of the detection. |
pageSize | The maximum number of detections to return. The service may return fewer than this value. If unspecified, at most 100 detections will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. |
pageToken | A page token, received from a previous |
maxRespSizeBytes | Optional. The maximum size of the response in bytes. If it is set to 0 (or is omitted), the server will not enforce any max response size limit. |
includeNestedDetections | Optional. If true, include one level of nested detections in the response. |
Request body
The request body must be empty.
Response body
legacy.legacySearchCuratedDetections response message.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ "curatedDetections": [ { object ( |
Fields | |
---|---|
curatedDetections[] | Either curatedDetections or nestedDetections will be populated, but not both. List of detections in Collection protos corresponding to the ruleId. Only returned if |
nestedDetectionSamples[] | Detections generated by the rule named by |
nextPageToken | A token that can be sent as |
respTooLargeDetectionsTruncated | This is related to the maxRespSizeBytes field in the request. If the original response size is larger than the maxRespSizeBytes, we will truncate detections so that the response size is smaller than maxRespSizeBytes, and this field will be set to true. |
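The following is an added example, not code from this reference or from Google's client libraries: a Python sketch of a client that builds the query parameters above, follows nextPageToken until it is absent, and counts pages where respTooLargeDetectionsTruncated was set so a capped response is never mistaken for a complete one. Assumptions: `fetch_page` is a hypothetical caller-supplied function that sends the authenticated GET and returns the decoded JSON, nextPageToken is sent back as pageToken, detection objects are treated as opaque, and `PAGES` is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

MAX_PAGE_SIZE = 1000  # per the page, values above 1000 are coerced to 1000

def rfc3339_z(ts):
    """Z-normalized RFC 3339 with 0 or 6 fractional digits."""
    if ts.tzinfo is None:
        raise ValueError("naive datetime: the search window would be ambiguous")
    ts = ts.astimezone(timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if ts.microsecond else "%Y-%m-%dT%H:%M:%SZ"
    return ts.strftime(fmt)

def build_params(rule_id, start, end, list_basis="DETECTION_TIME",
                 page_size=100, max_resp_bytes=0, page_token=None):
    """Query parameters for one page; the window is [startTime, endTime)."""
    if list_basis not in ("DETECTION_TIME", "CREATED_TIME"):
        raise ValueError("listBasis must be DETECTION_TIME or CREATED_TIME")
    if not start < end:
        raise ValueError("startTime must be earlier than endTime")
    params = {"ruleId": rule_id, "startTime": rfc3339_z(start),
              "endTime": rfc3339_z(end), "listBasis": list_basis,
              "pageSize": max(1, min(page_size, MAX_PAGE_SIZE)),
              "maxRespSizeBytes": max_resp_bytes}
    if page_token:
        params["pageToken"] = page_token
    return params

def search_all(fetch_page, rule_id, start, end, **opts):
    """Follow nextPageToken to the end; return (detections, truncated_pages).
    fetch_page(params) -> dict is a hypothetical caller-supplied transport that
    sends the authenticated GET and returns the decoded JSON response body."""
    detections, truncated_pages, token = [], 0, None
    while True:
        resp = fetch_page(build_params(rule_id, start, end, page_token=token, **opts))
        detections.extend(resp.get("curatedDetections", []))
        # A truncated page is missing detections: count it, never ignore it.
        truncated_pages += bool(resp.get("respTooLargeDetectionsTruncated"))
        token = resp.get("nextPageToken")
        if not token:
            return detections, truncated_pages

# Constructed two-page response keyed by pageToken; IDs and tokens are placeholders.
PAGES = {None: {"curatedDetections": [{"id": "d1"}], "nextPageToken": "t1"},
         "t1": {"curatedDetections": [{"id": "d2"}], "respTooLargeDetectionsTruncated": True}}

if __name__ == "__main__":
    end = datetime(2024, 1, 2, tzinfo=timezone.utc)
    print(search_all(lambda p: PAGES[p.get("pageToken")], "RULE_ID_PLACEHOLDER",
                     end - timedelta(days=1), end, max_resp_bytes=1_000_000))
```

A non-zero truncated_pages means the result set is incomplete for the chosen maxRespSizeBytes; how to recover (for example, a narrower time window or smaller pageSize) is left to the caller.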
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.legacies.legacySearchCuratedDetections
For more information, see the IAM documentation.
ListBasis
Type of Timestamp to use for listing detections.
Enums | |
---|---|
LIST_BASIS_UNSPECIFIED | Unspecified list basis. |
DETECTION_TIME | List detections by detection time. |
CREATED_TIME | List detections by created time. |