Resource: PropertySchemaDefinition
This service is available for customers who migrated SOAR to a customer managed project and have the Chronicle API enabled. The properties metadata enable customers to rewrite how event fields will be presented and under what category they appear such as case overview – event fields and entity screen – enrichment fields. So for example, I can create a properties metadata in the platform so that all the events or enrichment fields that start with the VT_ prefix will be grouped under the VirusTotal category.
| JSON representation |
|---|
{ "name": string, "rawFieldName": string, "displayName": string, "groupName": string, "prefix": string, "trimPrefix": boolean, "system": boolean, "highlighted": boolean } |
| Fields | |
|---|---|
name |
Identifier. The unique name(ID) of the PropertySchemaDefinition. Format: projects/{project}/locations/{location}/instances/{instance}/propertySchemaDefinitions/{propertySchemaDefinition} |
rawFieldName |
Required. Title of the raw field - the system name. Limited to 100 characters. |
displayName |
Required. How to display the raw_field_title on the case overview screen. |
groupName |
Required. Title of the group/category. |
prefix |
Optional. Used for grouping multiple fields together. Limited to 256 characters. |
trimPrefix |
Optional. Whether to display the prefix as part of the field name. Example – "VTdepartment" will be presented as "department" in case you defined "VT" prefix and trimmed it. Default value: false |
system |
Output only. Indicates if the field is in the system category or not. Also inidicates if the field should be displayed in the UI screen or not. |
highlighted |
Optional. To display the field in the Highlighted section of the cases overview screen or not. Default value: false |
Methods |
|
|---|---|
|
Create a PropertySchemaDefinition. |
|
Delete a PropertySchemaDefinition. |
|
Get a PropertySchemaDefinition. |
|
Lists PropertySchemaDefinitions. |
|
Update a PropertySchemaDefinition. |