Method: legacySdk.legacyCreateConnectorPackage

HTTP request
Path parameters
Request body
- JSON representation
Response body
Authorization scopes
SdkCaseInfo
- JSON representation
CaseType
CasePriority
LoadDataTypeEnumQueue
IngestionSourceType
CaseType
Try it!

Full name: projects.locations.instances.legacySdk.legacyCreateConnectorPackage

Legacy RPC for create connector package.

HTTP request

Choose a location:

Path parameters

Parameters

Parameters
`instance`	`string` Required. The CreateConnectorPackage request. Format: projects/{project}/locations/{location}/instances/{instance}/legacySdk:createConnectorPackage

instance

string

Required. The CreateConnectorPackage request. Format: projects/{project}/locations/{location}/instances/{instance}/legacySdk:createConnectorPackage

Request body

The request body contains data with the following structure:

JSON representation
{ "cases": [ { object (`SdkCaseInfo`) } ], "identifier": string, "connectorIdentifier": string, "debugOutput": string, "type": enum (`CaseType`) }

Fields
`cases[]`	`object (SdkCaseInfo)` Required. The cases data.
`identifier`	`string` Optional. The case identifier.
`connectorIdentifier`	`string` Optional. The connector identifier.
`debugOutput`	`string` Optional. Debug output.
`type`	`enum (CaseType)` Required. CaseType enum.

Response body

If successful, the response body is an empty JSON object.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

SdkCaseInfo

CaseInfo message.

JSON representation

JSON representation
{ "creatorUserId": string, "events": [ { object } ], "environment": string, "sourceSystemName": string, "ticketId": string, "description": string, "displayId": string, "reason": string, "name": string, "deviceVendor": string, "deviceProduct": string, "startTime": string, "endTime": string, "ruleGenerator": string, "sourceGroupingIdentifier": string, "playbookTriggerKeywords": [ string ], "attachments": [ { object (`SdkCaseInfoAttachment`) } ], "sourceSystemUrl": string, "sourceRuleIdentifier": string, "siemAlertId": string, "updatedFields": [ { object (`SdkPropertyValue`) } ], "alertMetadata": { string: value, ... }, "dataAccessScope": string, "extensions": [ { object (`SdkPropertyValue`) } ], "type": enum (`CaseType`), "priority": enum (`CasePriority`), "isTrimmed": boolean, "dataType": enum (`LoadDataTypeEnumQueue`), "sourceType": enum (`IngestionSourceType`), "alertUpdateSupported": boolean }

{
  "creatorUserId": string,
  "events": [
    {
      object
    }
  ],
  "environment": string,
  "sourceSystemName": string,
  "ticketId": string,
  "description": string,
  "displayId": string,
  "reason": string,
  "name": string,
  "deviceVendor": string,
  "deviceProduct": string,
  "startTime": string,
  "endTime": string,
  "ruleGenerator": string,
  "sourceGroupingIdentifier": string,
  "playbookTriggerKeywords": [
    string
  ],
  "attachments": [
    {
      object (SdkCaseInfoAttachment)
    }
  ],
  "sourceSystemUrl": string,
  "sourceRuleIdentifier": string,
  "siemAlertId": string,
  "updatedFields": [
    {
      object (SdkPropertyValue)
    }
  ],
  "alertMetadata": {
    string: value,
    ...
  },
  "dataAccessScope": string,
  "extensions": [
    {
      object (SdkPropertyValue)
    }
  ],
  "type": enum (CaseType),
  "priority": enum (CasePriority),
  "isTrimmed": boolean,
  "dataType": enum (LoadDataTypeEnumQueue),
  "sourceType": enum (IngestionSourceType),
  "alertUpdateSupported": boolean
}

Fields
`creatorUserId`	`string` Required. Identifies the user who creates this case - only relevant for cases of type Request
`events[]`	`object (Struct format)` Optional. List of the events that make up this case
`environment`	`string` Optional. Case environment
`sourceSystemName`	`string` Optional. Name of the source system - based on the connector
`ticketId`	`string` Optional. External case id received from the external product - based on the connector
`description`	`string` Optional. Case description
`displayId`	`string` Optional. External case display id received from the external product - based on the connector
`reason`	`string` Optional. Case reason
`name`	`string` Optional. Case name
`deviceVendor`	`string` Optional. Case product vendor - based on the connector
`deviceProduct`	`string` Optional. Case product vendor - based on the connector
`startTime`	`string (int64 format)` Output only. Case starting time in unix format as milliseconds - based on the connector
`endTime`	`string (int64 format)` Output only. Case ending time in unix format as milliseconds - based on the connector
`ruleGenerator`	`string` Optional. Rule that generates this case - based on the connector
`sourceGroupingIdentifier`	`string` Optional. Source grouping identifier will be used to group alert into one case - depends on alert grouping configuration - based on the connector
`playbookTriggerKeywords[]`	`string` Optional. Playbook trigger keywords - used for 'Alert Trigger Value' playbook trigger type. A comparison is made between those playbook keywords items and the trigger value set by the user.
`attachments[]`	`object (SdkCaseInfoAttachment)` Optional. Case attachments - based on the connector
`sourceSystemUrl`	`string` Required. Configured source url - defined in the connector that ingested this alert
`sourceRuleIdentifier`	`string` Required. Configured source rule url - defined in the connector that ingested this alert
`siemAlertId`	`string` Optional. Chronicle SIEM alert identifier. In case the identifier is null, then, it is assumed that it is not synced with the SIEM. To avoid syncing the alert, SiemAlertId can be set to -1.
`updatedFields[]`	`object (SdkPropertyValue)` Optional. Alert Updated Fields. Key-Value pairs of alert fields that were updated recently.
`alertMetadata`	`map (key: string, value: value (Value format))` Optional. Additional alert metadata as key-value pairs. Supports various fields with different types of values. Only recognized fields will be parsed and processed by the ingestion pipeline. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
`dataAccessScope`	`string` Required. The Chronicle SIEM resource name of the DataAccessScope of this alert.
`extensions[] (deprecated)`	`object (SdkPropertyValue)` This item is deprecated! Extensions
`type`	`enum (CaseType)` Required. Case type
`priority`	`enum (CasePriority)` Required. Case priority
`isTrimmed`	`boolean` Optional. Flag that indicates whether the case got trimmed or not
`dataType`	`enum (LoadDataTypeEnumQueue)` Required. Case data type
`sourceType`	`enum (IngestionSourceType)` Required. Case source type
`alertUpdateSupported`	`boolean` Optional. Is Alert Origin supports updates. Indicating if the alert source system support alert updates.

CaseType

CaseType enum.

Enums
`EXTERNAL`	External.
`TEST`	Test.
`REQUEST`	Request.

CasePriority

CasePriority enum.

Enums
`INFORMATIVE`	Informative.
`UNCHANGED`	Unchanged.
`LOW`	Low.
`MEDIUM`	Medium.
`HIGH`	High.
`CRITICAL`	Critical.

LoadDataTypeEnumQueue

LoadDataTypeEnumQueue enum.

Enums
`EVENTS`	Events.
`CASES`	Cases.
`CONNECTOR_LOG`	Connector log.
`CONNECTOR_OVERFLOW`	Connector overflow.

IngestionSourceType

IngestionSourceType enum.

Enums
`CONNECTOR`	Connector.
`WEBHOOK`	Webhook.

CaseType

CaseType enum.

Enums
`EXTERNAL`	External.
`TEST`	Test.
`REQUEST`	Request.

Method: legacySdk.legacyCreateConnectorPackage Stay organized with collections Save and categorize content based on your preferences.

HTTP request

Path parameters

Request body

Response body

Authorization scopes

SdkCaseInfo

CaseType

CasePriority

LoadDataTypeEnumQueue

IngestionSourceType

CaseType

Method: legacySdk.legacyCreateConnectorPackage