REST Resource: projects.locations.instances.uniqueEntities

Resource: UniqueEntity

This service is available for customers who migrated SOAR to a customer managed project and have the Chronicle API enabled. This resource represents entities that are unique in the system and not associated with cases and alerts.

JSON representation 
{
  "name": string,
  "identifier": string,
  "type": string,
  "environment": string,
  "properties": [
    {
      object (PropertyValue)
    }
  ],
  "uniqueEntityId": integer,
  "fields": [
    {
      object (FetchFullUniqueEntityContextGroup)
    }
  ],
  "suspicious": boolean,
  "enriched": boolean,
  "internalAsset": boolean,
  "artifact": boolean,
  "manuallyCreated": boolean,
  "network": string,
  "threatSource": string,
  "operatingSystem": string,
  "country": string
}
Fields
name

string

Identifier. The unique name of the entity.
identifier

string

Output only. Identifier of the entity, contributing to its uniqueness.
type

string

Output only. Type of the entity, contributing to its uniqueness.
environment

string

Output only. The environment in which the entity exists, contributing to its uniqueness.
properties[]

object (PropertyValue)

Optional. Properties added by user or not part of this object properties.
uniqueEntityId

integer

Output only. Unique Entity Id
fields[]

object (FetchFullUniqueEntityContextGroup)

Optional. Context group for uniqueEntities.fetchFull.
suspicious

boolean

Optional. Describes if the entity is a suspicious or not.
enriched

boolean

Output only. Describes if the entity is a enriched or not.
internalAsset

boolean

Optional. Describes if the entity is an internal or not.
artifact

boolean

Optional. Describes if the entity is an artifact or not.
manuallyCreated

boolean

Output only. Describes if the entity is a manually created or not.
network

string

Optional. Network name property.
threatSource

string

Optional. Threat source of the entity.
operatingSystem

string

Optional. The operating system related to the entity.
country

string

Optional. The country related to the entity.

PropertyValue

A property key and value.

JSON representation 
{
  "key": string,
  "value": string
}
Fields
key

string

Required. The property key.
value

string

Required. The property value.

FetchFullUniqueEntityContextGroup

Context group for uniqueEntities.fetchFull.

JSON representation 
{
  "displayName": string,
  "items": [
    {
      object (UniqueEntityContextGroupItem)
    }
  ],
  "highlighted": boolean,
  "hidden": boolean
}
Fields
displayName

string

Optional. Display name of the entity.
items[]

object (UniqueEntityContextGroupItem)

Optional. Context group items.
highlighted

boolean

Optional. Highlighted property.
hidden

boolean

Optional. Indicates if the entity is hidden property.

UniqueEntityContextGroupItem

Context group item.

JSON representation 
{
  "name": string,
  "originalName": string,
  "value": string
}
Fields
name

string

Optional. Name of the item.
originalName

string

Optional. Original name of the item.
value

string

Optional. Value of the item.

Methods

addNote

 Adds a note to a UniqueEntity.

download

 Downloads a unique entity report.

fetchFull

 Fetches a full UniqueEntity.

get

 Get a UniqueEntity.

list

 Lists UniqueEntities.

patch

 Update a UniqueEntity.