Method: threatCollections.fetchRelated

Full name: projects.locations.instances.threatCollections.fetchRelated

List related threat collections for a threat artifact.

HTTP request


Path parameters

Parameters
parent

string

Required. The parent resource of the threat collections. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
threatCollectionType

enum (ThreatCollectionType)

Required. The type (Campaign or Report) of related threat collections to return.

pageSize

integer

Optional. The maximum number of threat collections to return. The default is 10, and the maximum value is 40.

pageToken

string

Optional. A page token, received from a previous threatCollections.fetchRelated call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to threatCollections.fetchRelated must match the call that provided the page token.

orderBy

string

Optional. The order to sort the returned threat collections by. Default is descending last_modification_date. The supported order syntax matches the fields defined in the GTI API docs here: https://gtidocs.virustotal.com/reference/list-threats#allowed-orders

Supported orders:

  • name: sorts objects alphabetically by name, ascending + or descending -. Name in this context refers to the displayName for a threat collection.
  • creation_date: sorts objects descending - (default) by most recently created objects first, or ascending + by oldest created objects first. This refers to the createTime field for a threat collection.
  • last_modification_date: sorts objects descending - by most recently modified objects first, or ascending + by least recently modified objects first. This refers to the updateTime field for a threat collection.

Union parameter threat_resource. The threat resource to get the related ThreatCollections (GTI Campaigns or Reports) for. threat_resource can be only one of the following:
iocAssociation

string

Optional. The name of the IocAssociation (Threat Actor or Malware Family) resource to get related threat collections for. Format: projects/{project}/locations/{location}/instances/{instance}/iocAssociations/{iocAssociation}

ioc

string

Optional. The name of the ioc resource to get related threat collections for. Format: projects/{project}/locations/{location}/instances/{instance}/iocs/{ioc}

threatCollection

string

Optional. The name of the ThreatCollection (GTI Campaign or Report) resource to get related threat collections for. Format: projects/{project}/locations/{location}/instances/{instance}/threatCollections/{threatCollection}

Request body

The request body must be empty.

Response body

Response containing a list of threat collections for a given threat artifact.

If successful, the response body contains data with the following structure:

JSON representation
{
  "threatCollections": [
    {
      object (ThreatCollection)
    }
  ],
  "nextPageToken": string,
  "totalSize": integer
}
Fields
threatCollections[]

object (ThreatCollection)

Output only. The list of ThreatCollections.

nextPageToken

string

Output only. A token that can be sent as pageToken to retrieve the next page. If this field is omitted, there are no subsequent pages.

totalSize

integer

Output only. The total number of ThreatCollections that match the request. The count of threatCollections returned by pagination may be less than the totalSize that matches.
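An added example, not part of the API reference: a client-side wrapper that checks the documented request constraints (exactly one threat_resource member, pageSize at most 40, a supported orderBy field) and follows nextPageToken while reusing the original parameters on every page. The names build_params, fetch_all_related and fake_send and all sample values are hypothetical; the HTTP transport is injected as a callable because the request URL is not shown on this page, and the trailing +/- form of orderBy is an assumption.

```python
from typing import Callable, Dict, Iterator, Optional

MAX_PAGE_SIZE = 40  # documented maximum; the service default is 10
ORDER_FIELDS = {"name", "creation_date", "last_modification_date"}
RESOURCE_KEYS = ("iocAssociation", "ioc", "threatCollection")  # threat_resource union

def build_params(collection_type: str, resource: Dict[str, str],
                 page_size: int = 10, order_by: Optional[str] = None) -> Dict[str, str]:
    """Check the documented constraints client-side and return the query parameters."""
    if len(resource) != 1 or next(iter(resource)) not in RESOURCE_KEYS:
        raise ValueError("set exactly one of iocAssociation, ioc, threatCollection")
    if not 0 < page_size <= MAX_PAGE_SIZE:  # lower bound is this example's choice
        raise ValueError("pageSize must be between 1 and 40")
    params = {"threatCollectionType": collection_type, "pageSize": str(page_size), **resource}
    if order_by is not None:
        # Assumption: the direction is a trailing '+' or '-' after the field name.
        field = order_by[:-1] if order_by.endswith(("+", "-")) else order_by
        if field not in ORDER_FIELDS:
            raise ValueError(f"unsupported orderBy field: {order_by!r}")
        params["orderBy"] = order_by
    return params

def fetch_all_related(send: Callable[[Dict[str, str]], dict],
                      params: Dict[str, str], max_pages: int = 100) -> Iterator[dict]:
    """Yield every ThreatCollection, following nextPageToken until it is omitted."""
    token, seen = None, set()
    for _ in range(max_pages):
        query = dict(params)  # every page reuses the parameters of the first call
        if token:
            query["pageToken"] = token
        body = send(query)
        yield from body.get("threatCollections", [])
        token = body.get("nextPageToken")
        if not token:
            return
        if token in seen:  # a repeated token would loop forever
            raise RuntimeError("repeated nextPageToken")
        seen.add(token)
    raise RuntimeError("max_pages reached before the last page")

def fake_send(query: Dict[str, str]) -> dict:
    """Constructed stand-in for the authenticated HTTP GET; returns two pages."""
    if query.get("pageToken") == "tok-2":
        return {"threatCollections": [{"displayName": "C"}], "totalSize": 3}
    return {"threatCollections": [{"displayName": "A"}, {"displayName": "B"}],
            "nextPageToken": "tok-2", "totalSize": 3}
```

In real use, replace fake_send with a function that issues the authorized request and returns the parsed JSON body; the wrapper stops only when nextPageToken is absent, since totalSize may exceed the number of items pagination returns.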

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.threatCollections.fetchRelated

For more information, see the IAM documentation.