Method: legacy.legacySearchFindings

Full name: projects.locations.instances.legacy.legacySearchFindings

Legacy endpoint for listing Findings.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchFindings

Path parameters

Parameters
instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
findingType[]

enum (CollectionType)

Required. Finding type: Uppercase, DSML, etc.
timestampRange

object (Interval)

Required. Times range to get the findings from.
pageSize

integer

Number of findings to return per page. Default value is 1000 if the page_size is not set in the request.
nextPageToken

object (NextPageToken)

Page token to support pagination. If no token is supplied, the first page of findings will be returned.

Request body

The request body must be empty.

Response body

The SearchFindings response.

If successful, the response body contains data with the following structure:

JSON representation 
{
  "findings": [
    {
      object (Finding)
    }
  ],
  "page_token": {
    object (NextPageToken)
  }
}
Fields
findings[]

object (Finding)

Findings found for the given filters. Note that Findings returned do not include the feedback_history field, only the feedback_summary.
page_token

object (NextPageToken)

The token to supply to get the next page of results. If there are no additional results, this will be empty.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.legacies.legacySearchFindings

For more information, see the IAM documentation.

Finding

JSON representation 
{
  "uid": string,
  "finding_type": enum (CollectionType),
  "uid_namespace": enum (Namespace),
  "created_time": string,
  "last_updated_time": string,
  "detection_metadata": {
    object (SecurityResult)
  },
  "udm_events": [
    {
      object (UdmEventInfo)
    }
  ],
  "feedback_summary": {
    object (Feedback)
  },
  "feedback_history": [
    {
      object (Feedback)
    }
  ],
  "tags": [
    string
  ]
}
Fields
uid

string (bytes format)

A base64-encoded string.
finding_type

enum (CollectionType)
uid_namespace

enum (Namespace)
created_time

string (Timestamp format)

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted.Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
last_updated_time

string (Timestamp format)

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted.Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
detection_metadata

object (SecurityResult)
udm_events[]

object (UdmEventInfo)
feedback_summary

object (Feedback)
feedback_history[]

object (Feedback)
tags[]

string