Method: legacySdk.legacyUpdateNewAlertsSyncStatus

Full name: projects.locations.instances.legacySdk.legacyUpdateNewAlertsSyncStatus

Legacy RPC for updating the sync status of new alerts.

HTTP request


Path parameters

instance (string)

Required. The instance of the legacy SDK. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{
  "results": [
    {
      object (ApiSyncNewAlertResult)
    }
  ],
  "environments": [
    string
  ]
}
Fields

results[] (object (ApiSyncNewAlertResult))

Required. Synchronization results of SOAR alerts that are supposed to be created in Chronicle SIEM.

environments[] (string)

Optional. The environments used for fetching the alerts; should be equal to the environments from the corresponding fetch call. If environments is null or empty, all environments are assumed.

Response body

The LegacySdkUpdateNewAlertsSyncStatusResponse message.

If successful, the response body contains data with the following structure:

JSON representation
{
  "payload": [
    {
      object (ApiSyncNewAlertResult)
    }
  ]
}
Fields

payload[] (object (ApiSyncNewAlertResult))

Synchronization results of SOAR alerts that are supposed to be created in Chronicle SIEM.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ApiSyncNewAlertResult

ApiSyncNewAlertResult message.

JSON representation
{
  "alertGroupIdentifier": string,
  "environment": string,
  "creationTime": string,
  "createdInSiem": boolean,
  "siemAlertId": string,
  "message": string,
  "updatedInSoar": boolean
}
Fields

alertGroupIdentifier (string)

Optional. A unique identifier of the alert across the whole system.

environment (string)

Optional. Name of the environment the alert is associated with.

creationTime (string, int64 format)

Optional. Alert creation time as Unix time in milliseconds.

createdInSiem (boolean)

Optional. Marks whether the alert has been created successfully in the SIEM.

siemAlertId (string)

Optional. Chronicle SIEM alert identifier. If the identifier is null, the alert is assumed not to be synced with the SIEM. To avoid syncing the alert, siemAlertId can be set to -1.

message (string)

Optional. Error message describing why creating the alert in the remote system failed. If createdInSiem is true, this field is ignored.

updatedInSoar (boolean)

Optional. Marks whether the result has been successfully updated in the SOAR.
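As an added example (not from Google's reference or from the SDK), the following Python models the request body above together with the ApiSyncNewAlertResult field semantics: creationTime serialized as an int64 decimal string, the "-1" siemAlertId sentinel, message dropped when createdInSiem is true, and an empty environments list meaning all environments. The dataclass, the sync_state and build_request helpers and the sample values ("grp-1", "Default Environment") are constructed for this example; the HTTP call itself is not shown because the page does not give the request URL.

```python
import json
from dataclasses import dataclass
from typing import Optional

SKIP_SYNC_SENTINEL = "-1"  # documented: siemAlertId "-1" means "do not sync this alert"


@dataclass
class ApiSyncNewAlertResult:
    """One element of "results" / "payload"; attributes match the JSON field names."""
    alertGroupIdentifier: str
    environment: str
    creationTime: int                   # unix time in milliseconds (int64)
    createdInSiem: bool
    siemAlertId: Optional[str] = None   # None = not synced with the SIEM
    message: Optional[str] = None
    updatedInSoar: bool = False

    def to_json(self) -> dict:
        obj = {
            "alertGroupIdentifier": self.alertGroupIdentifier,
            "environment": self.environment,
            "creationTime": str(self.creationTime),  # int64 is a decimal string on the wire
            "createdInSiem": self.createdInSiem,
            "updatedInSoar": self.updatedInSoar,
        }
        if self.siemAlertId is not None:
            obj["siemAlertId"] = self.siemAlertId
        if self.message is not None and not self.createdInSiem:
            obj["message"] = self.message  # the API ignores message once createdInSiem is true
        return obj


def sync_state(r: ApiSyncNewAlertResult) -> str:
    """Classify one result using the field semantics given in the reference."""
    if r.createdInSiem:
        return "created"
    if r.siemAlertId == SKIP_SYNC_SENTINEL:
        return "skipped"       # caller deliberately opted out of syncing
    if r.message:
        return "failed"        # SIEM creation failed; message holds the reason
    return "not_synced"        # null siemAlertId: not (yet) synced with the SIEM


def build_request(results, environments=None) -> str:
    """Serialize the request body; an empty environment list means all environments, so it is omitted."""
    body = {"results": [r.to_json() for r in results]}
    if environments:
        body["environments"] = list(environments)
    return json.dumps(body)
```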