Full name: projects.locations.instances.legacy.legacyUpdateAlert
Legacy endpoint for updating an alert.
HTTP request
Path parameters
Parameters | |
---|---|
instance | Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "alertId": string, "feedback": { object ( |
Fields | |
---|---|
alertId | Required. The id of the alert. |
feedback | Required. The analyst-supplied feedback on the alert. |
caseName | Optional. The case name that the alert is associated with. |
responsePlatformInfo | Optional. The response platform info of the alert. |
Response body
If successful, the response body contains an instance of Collection.
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.legacies.legacyUpdateAlert
For more information, see the IAM documentation.
LegacyFeedback
A piece of user feedback on an alert.
JSON representation |
---|
{ "idpUserId": string, "createTime": string, "verdict": enum ( |
Fields | |
---|---|
idpUserId | Readonly. The unique identifier supplied by the customer's identity provider (IDP) for the user that provided the feedback. |
createTime | Readonly. The time when the user submitted the feedback. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
verdict | A verdict on whether the finding reflects a security inc |
reputation | A categorization of the finding as useful or not useful. |
confidenceScore | Confidence score (0-100) of the finding. |
riskScore | Risk score (0-100) of the finding. |
disregarded | Analyst disregard (or un-disregard) of the event. |
severity | Severity score (1-100) of the finding. |
comment | Analyst comment. |
status | Alert status. |
priority | Alert priority. |
rootCause | Alert root cause. |
reason | Reason for closing an Alert. |
severityDisplay | Severity display name for UI and filtering. |
triageAgentInvestigationId | Output only. Investigation Id of the latest investigation performed by the Triage Agent on the alert. The Triage Agent is designed to autonomously investigate alerts and determine whether an alert needs to be escalated to a human while providing transparency about the actions it took as part of its investigation. |
userType | Output only. Type of user that submitted or updated the feedback. This field is used to distinguish between the feedback submitted by a human analyst and an AI agent. By default, the user is assumed to be a human analyst. |
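
The following is an added example, not part of the original reference or of any Chronicle client library: a pre-flight check that automation can run on a legacyUpdateAlert request body before sending it, so that the attribution fields documented as Readonly or Output only are never populated by the caller and score fields stay within their documented ranges. The function name, the sample values, and the choices to treat server-set fields as errors and scores as plain numbers are assumptions of this example.

```python
# Added example: client-side checks for a legacyUpdateAlert request body.
# Field names and ranges come from the tables above; function and constant
# names are hypothetical.

REQUEST_REQUIRED = ("alertId", "feedback")
REQUEST_OPTIONAL = ("caseName", "responsePlatformInfo")
# Documented as Readonly / Output only. Rejecting them client-side is a choice
# of this example; the page does not say how the server treats them.
SERVER_SET = {"idpUserId", "createTime", "triageAgentInvestigationId", "userType"}
# Inclusive ranges as documented for each score field.
SCORE_RANGES = {"confidenceScore": (0, 100), "riskScore": (0, 100), "severity": (1, 100)}
WRITABLE = {"verdict", "reputation", "disregarded", "comment", "status", "priority",
            "rootCause", "reason", "severityDisplay"} | set(SCORE_RANGES)


def validate_update_alert_body(body):
    """Return a list of problems; an empty list means the body passes these checks."""
    problems = []
    for key in REQUEST_REQUIRED:
        if not body.get(key):
            problems.append(f"missing required field: {key}")
    for key in body:
        if key not in REQUEST_REQUIRED + REQUEST_OPTIONAL:
            problems.append(f"unknown request field: {key}")
    feedback = body.get("feedback") or {}
    if not isinstance(feedback, dict):
        return problems + ["feedback must be an object"]
    for key, value in feedback.items():
        if key in SERVER_SET:
            problems.append(f"feedback.{key} is set by the server, not the caller")
        elif key not in WRITABLE:
            problems.append(f"unknown feedback field: {key}")
        elif key in SCORE_RANGES:
            low, high = SCORE_RANGES[key]
            # bool is an int subclass in Python, so reject it explicitly.
            numeric = isinstance(value, (int, float)) and not isinstance(value, bool)
            if not numeric or not low <= value <= high:
                problems.append(f"feedback.{key} must be a number in {low}-{high}")
    return problems


# Constructed sample bodies (the alert id, comment and user values are made up).
GOOD = {"alertId": "example-alert-id",
        "feedback": {"comment": "benign admin activity", "riskScore": 10, "severity": 1}}
BAD = {"alertId": "example-alert-id",
       "feedback": {"severity": 0, "idpUserId": "someone-else", "userType": "x"}}

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_update_alert_body(body) or "ok")
```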