Full name: projects.locations.instances.legacySdk.legacyGetAlertsToSync
Legacy RPC for get alerts to sync.
HTTP request
Path parameters

| Parameter | Description |
|---|---|
| instance | Required. The GetAlertsToSync request. Format: projects/{project}/locations/{location}/instances/{instance}/legacySdk:getAlertsToSync |
Request body

The request body contains data with the following structure:

JSON representation:

```
{
  "batchSize": integer,
  "environments": [
    string
  ]
}
```

| Field | Description |
|---|---|
| batchSize | Required. The alerts to sync request data. |
| environments[] | Required. Filter alerts which only belong to the given environments. If environments is null or empty, no filtering takes place (alerts are searched in all environments). |
Response body

The GetAlertsToSyncResponse message.

If successful, the response body contains data with the following structure:

JSON representation:

```
{
  "payload": [
    {
      object (
```

| Field | Description |
|---|---|
| payload[] | The list of alerts to sync. |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
SdkApiSyncNewAlert

ApiSyncNewAlert message.

JSON representation:

```
{
  "alertIdentifier": string,
  "alertGroupIdentifier": string,
  "creationTime": string,
  "name": string,
  "detectionTime": string,
  "vendor": string,
  "sourceSystemName": string,
  "product": string,
  "ticketId": string,
  "environment": string,
  "siemAlertId": string,
  "events": [
    {
      object (
```
| Field | Description |
|---|---|
| alertIdentifier | Alert identifier: {alertName}_{ticketId} |
| alertGroupIdentifier | A unique identifier of the alert, across the whole system. |
| creationTime | Alert creation time in unix format as milliseconds. |
| name | Alert display name. |
| detectionTime | The detection time of the alert in unix format as milliseconds. |
| vendor | The vendor name of the product which generated the alert. |
| sourceSystemName | The integration which ingested the alert. |
| product | The name of the product which generated the alert. |
| ticketId | Original identifier of the alert in its source system. |
| environment | Environment name which the alert is associated with. |
| siemAlertId | Chronicle SIEM alert identifier. |
| events[] | The events involved in this alert. |
| startTime | Alert start time in unix format as milliseconds. |
| endTime | Alert end time in unix format as milliseconds. |
SdkApiSyncSecurityEvent

ApiSyncSecurityEvent message.

JSON representation:

```
{
  "eventTimeEpochTimeInMs": string,
  "name": string,
  "severity": string,
  "description": string,
  "eventId": string,
  "receiptTime": string,
  "managerReceiptTime": string,
  "startTime": string,
  "sourceHostName": string,
  "sourceAddress": string,
  "destinationHostName": string,
  "destinationAddress": string,
  "destinationUserName": string,
  "destinationDnsDomain": string,
  "destinationNtDomain": string,
  "sourceDnsDomain": string,
  "sourceUserName": string,
  "sourceUserId": string,
  "sourceNtDomain": string,
  "destinationUrl": string,
  "fileName": string,
  "fileHash": string,
  "deployment": string,
  "fileType": string,
  "transportProtocol": string,
  "applicationProtocol": string,
  "destinationPort": string,
  "categoryOutcome": string,
  "deviceVendor": string,
  "deviceProduct": string,
  "sourceProcessName": string,
  "destinationProcessName": string,
  "emailSubject": string,
  "threatSignature": string,
  "genericEntity": string,
  "sourceMacAddress": string,
  "destinationMacAddress": string,
  "phoneNumber": string,
  "cve": string,
  "threatActor": string,
  "threatCampaign": string,
  "process": string,
  "parentProcess": string,
  "sourceDomain": string,
  "destinationDomain": string,
  "endTime": string,
  "ruleGenerator": string,
  "message": string,
  "usb": string
}
```
| Field | Description |
|---|---|
| eventTimeEpochTimeInMs | The event time in unix ms. |
| name | The event name. |
| severity | The severity. |
| description | The description. |
| eventId | The event ID. |
| receiptTime | The receipt time. |
| managerReceiptTime | The manager receipt time. |
| startTime | The start time. |
| sourceHostName | The source host name. |
| sourceAddress | The source address. |
| destinationHostName | The destination host name. |
| destinationAddress | The destination address. |
| destinationUserName | The destination user name. |
| destinationDnsDomain | The destination DNS domain. |
| destinationNtDomain | The destination NT domain. |
| sourceDnsDomain | The source DNS domain. |
| sourceUserName | The source user name. |
| sourceUserId | The source user ID. |
| sourceNtDomain | The source NT domain. |
| destinationUrl | The destination URL. |
| fileName | The file name. |
| fileHash | The file hash. |
| deployment | The deployment. |
| fileType | The file type. |
| transportProtocol | The transport protocol. |
| applicationProtocol | The application protocol. |
| destinationPort | The destination port. |
| categoryOutcome | The category outcome. |
| deviceVendor | The device vendor. |
| deviceProduct | The device product. |
| sourceProcessName | The source process name. |
| destinationProcessName | The destination process name. |
| emailSubject | The email subject. |
| threatSignature | The threat signature. |
| genericEntity | The generic entity. |
| sourceMacAddress | The source MAC address. |
| destinationMacAddress | The destination MAC address. |
| phoneNumber | The phone number. |
| cve | The CVE. |
| threatActor | The threat actor. |
| threatCampaign | The threat campaign. |
| process | The process. |
| parentProcess | The parent process. |
| sourceDomain | The source domain. |
| destinationDomain | The destination domain. |
| endTime | The end time. |
| ruleGenerator | The rule generator. |
| message | The message. |
| usb | The USB. |
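As an added example (not part of this reference page or of Google's own SDK), the following Python helpers build the request body and instance path documented above and validate a constructed GetAlertsToSyncResponse before its alerts are synced; the HTTP transport and base URL are not given on this page and are left out. The set of fields checked, the reading of {alertName} in alertIdentifier as the `name` field, and the sample values are all assumptions.

```python
from datetime import datetime, timezone

# Constructed sample shaped like GetAlertsToSyncResponse: payload is a list of
# SdkApiSyncNewAlert, each with a list of SdkApiSyncSecurityEvent. Values are made up.
SAMPLE_RESPONSE = {"payload": [{
    "alertIdentifier": "Suspicious Login_TCK-1001", "alertGroupIdentifier": "grp-7f3a",
    "creationTime": "1700000000000", "name": "Suspicious Login",
    "detectionTime": "1699999990000", "vendor": "ExampleVendor",
    "sourceSystemName": "ExampleConnector", "product": "ExampleEDR",
    "ticketId": "TCK-1001", "environment": "prod", "siemAlertId": "siem-abc",
    "events": [{"eventTimeEpochTimeInMs": "1699999990000", "name": "login",
                "sourceAddress": "10.0.0.5", "sourceUserName": "alice"}]}]}

# Fields this example insists on before syncing (assumption; the page marks none as required).
EXPECTED_ALERT_FIELDS = ("alertIdentifier", "name", "ticketId", "environment",
                         "creationTime", "detectionTime", "events")

def build_request(batch_size, environments=None):
    """Request body. Null/empty environments means 'all environments', so it is
    normalised to an empty list rather than dropped."""
    if not isinstance(batch_size, int) or batch_size <= 0:
        raise ValueError("batchSize must be a positive integer")
    return {"batchSize": batch_size, "environments": list(environments or [])}

def instance_path(project, location, instance):
    """The 'instance' path parameter in the documented format."""
    return (f"projects/{project}/locations/{location}/instances/{instance}"
            "/legacySdk:getAlertsToSync")

def ms_to_utc(value):
    """Timestamps are unix milliseconds serialised as strings."""
    return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)

def parse_alerts(response):
    """Validate each SdkApiSyncNewAlert and convert its timestamps. Rejects a missing
    field or an alertIdentifier not laid out as {alertName}_{ticketId} (alertName read as name)."""
    parsed = []
    for alert in response.get("payload", []):
        missing = [f for f in EXPECTED_ALERT_FIELDS if f not in alert]
        if missing:
            raise ValueError(f"alert missing fields: {missing}")
        if alert["alertIdentifier"] != f"{alert['name']}_{alert['ticketId']}":
            raise ValueError(f"unexpected alertIdentifier {alert['alertIdentifier']!r}")
        parsed.append({
            "id": alert["alertIdentifier"], "environment": alert["environment"],
            "created": ms_to_utc(alert["creationTime"]),
            "detected": ms_to_utc(alert["detectionTime"]),
            "events": [dict(e, eventTime=ms_to_utc(e["eventTimeEpochTimeInMs"]))
                       for e in alert["events"]]})
    return parsed
```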