REST Resource: projects.locations.instances.ontologyRecords

Resource: OntologyRecord

This service is available to customers who have migrated SOAR to a customer-managed project and have the Chronicle API enabled. An OntologyRecord represents a single record in the ontology.

JSON representation
{
  "name": string,
  "source": string,
  "product": string,
  "eventName": string,
  "visualFamily": string,
  "changeSource": enum (ChangeSource),
  "exampleEventFields": [
    {
      object (ExampleEventFieldGroup)
    }
  ],
  "ontologyRecordId": string,
  "mappingRules": [
    string
  ]
}
Fields
name

string

Identifier. The resource name of the OntologyRecord. Format: projects/{project}/locations/{location}/instances/{instance}/ontologyRecords/{ontologyRecord}

source

string

Required. The data source (e.g., "GoogleChronicle").

product

string

Required. The product name (e.g., "RandomProductExample0").

eventName

string

Required. The event name (e.g., "IRC Connections").

visualFamily

string

Output only. Resource reference to the VisualFamily.

changeSource

enum (ChangeSource)

Output only. The source of the change.

exampleEventFields[]

object (ExampleEventFieldGroup)

Output only. Example event fields (if any).

ontologyRecordId

string (int64 format)

Output only. Unique numeric ID for the OntologyRecord.

mappingRules[]

string

Output only. Resource references to the MappingRules associated with this OntologyRecord.

ChangeSource

The source of the change

Enums
CHANGE_SOURCE_UNSPECIFIED The ontology record was not created by ingesting an alert with the relevant identifiers (i.e. Source, Product and Event Name). Currently, only import is supported.
INGESTED_ALERT An alert that was ingested via the ETL triggered the creation of this ontology record.

ExampleEventFieldGroup

Example event field group.

JSON representation
{
  "highlighted": boolean,
  "groupName": string,
  "hideOptions": boolean,
  "items": [
    {
      object (ExampleEventFieldItem)
    }
  ]
}
Fields
highlighted

boolean

Output only. Whether the group should be highlighted.

groupName

string

Output only. The group name.

hideOptions

boolean

Output only. Whether the group should be hidden.

items[]

object (ExampleEventFieldItem)

Output only. The list of example event field items.

ExampleEventFieldItem

Example event field item.

JSON representation
{
  "originalName": string,
  "displayName": string,
  "value": string
}
Fields
originalName

string

Output only. The original name of the event field.

displayName

string

Output only. The display name of the event field.

value

string

Output only. The value of the event field.
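The following is an added client-side example, not code from the Chronicle API or its documentation. It checks a decoded OntologyRecord JSON object against the schema described above (the resource-name format, the three required strings, the ChangeSource enum, the int64-as-string encoding of ontologyRecordId, and the nested ExampleEventFieldGroup and ExampleEventFieldItem shapes) and separates the fields a client may set from those marked Output only. The sample record, its values, the MappingRule reference string and the helper names are constructed here for illustration; the page does not give the MappingRule resource-name format.

```python
import re

# Added example (not Google's code): a client-side checker for an OntologyRecord
# as documented on this page. Field names, types and enum values come from the
# reference above; the sample record and helper names are constructed here.

# Resource name format documented for the "name" field.
NAME_RE = re.compile(
    r"^projects/[^/]+/locations/[^/]+/instances/[^/]+/ontologyRecords/[^/]+$"
)
CHANGE_SOURCES = {"CHANGE_SOURCE_UNSPECIFIED", "INGESTED_ALERT"}
REQUIRED_STRINGS = ("source", "product", "eventName")
OUTPUT_ONLY = {
    "visualFamily", "changeSource", "exampleEventFields",
    "ontologyRecordId", "mappingRules",
}


def _check_item(path: str, item, problems: list) -> None:
    # ExampleEventFieldItem: three Output only strings.
    if not isinstance(item, dict):
        problems.append(f"{path}: expected an object")
        return
    for key in ("originalName", "displayName", "value"):
        if key in item and not isinstance(item[key], str):
            problems.append(f"{path}.{key}: expected a string")


def _check_group(path: str, group, problems: list) -> None:
    # ExampleEventFieldGroup: two booleans, a string and a list of items.
    if not isinstance(group, dict):
        problems.append(f"{path}: expected an object")
        return
    for key in ("highlighted", "hideOptions"):
        if key in group and not isinstance(group[key], bool):
            problems.append(f"{path}.{key}: expected a boolean")
    if "groupName" in group and not isinstance(group["groupName"], str):
        problems.append(f"{path}.groupName: expected a string")
    for i, item in enumerate(group.get("items", [])):
        _check_item(f"{path}.items[{i}]", item, problems)


def validate_record(rec: dict) -> list:
    """Return a list of schema problems; an empty list means the record conforms."""
    problems = []
    name = rec.get("name")
    if not isinstance(name, str) or not NAME_RE.match(name):
        problems.append("name: missing or not in the documented resource-name format")
    for key in REQUIRED_STRINGS:
        value = rec.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: required string is missing or empty")
    cs = rec.get("changeSource")
    if cs is not None and cs not in CHANGE_SOURCES:
        problems.append(f"changeSource: unknown enum value {cs!r}")
    rid = rec.get("ontologyRecordId")
    # int64 fields are serialised as decimal strings in JSON.
    if rid is not None and not (isinstance(rid, str) and rid.isdigit()):
        problems.append("ontologyRecordId: expected an int64 encoded as a decimal string")
    for i, rule in enumerate(rec.get("mappingRules", [])):
        if not isinstance(rule, str):
            problems.append(f"mappingRules[{i}]: expected a resource-reference string")
    for i, group in enumerate(rec.get("exampleEventFields", [])):
        _check_group(f"exampleEventFields[{i}]", group, problems)
    return problems


def writable_fields(rec: dict) -> dict:
    """Keep only fields not marked Output only, i.e. what a client may set."""
    return {k: v for k, v in rec.items() if k not in OUTPUT_ONLY}


# Constructed sample record (values are illustrative, not from a real instance;
# the MappingRule reference format is assumed, the page does not define it).
SAMPLE = {
    "name": "projects/my-project/locations/us/instances/inst-1/ontologyRecords/123",
    "source": "GoogleChronicle",
    "product": "RandomProductExample0",
    "eventName": "IRC Connections",
    "changeSource": "INGESTED_ALERT",
    "ontologyRecordId": "123",
    "mappingRules": ["projects/my-project/locations/us/instances/inst-1/mappingRules/7"],
    "exampleEventFields": [
        {"highlighted": True, "groupName": "network", "hideOptions": False,
         "items": [{"originalName": "dst_ip", "displayName": "Destination IP",
                    "value": "198.51.100.7"}]}
    ],
}

if __name__ == "__main__":
    print(validate_record(SAMPLE))          # [] for the conforming sample
    print(sorted(writable_fields(SAMPLE)))  # ['eventName', 'name', 'product', 'source']
```

Running the module prints an empty problem list for the constructed sample and the four writable keys. The checker is deliberately permissive about Output only fields that are absent (a freshly imported record may have none) and strict about the ones that are present, which is the useful direction when validating records before an import or patch call.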

Methods

delete

Delete an ontology record.

export

Export ontology records.

get

Get a specific ontology record.

import

Import ontology records.

list

List all ontology records.

patch

Update an ontology record.

statistics

Get statistics about ontology records.