Method: instances.findRelatedEntities

Full name: projects.locations.instances.findRelatedEntities

Finds all the entities associated with provided entity.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}:findRelatedEntities

Path parameters

Parameters
instance

string

Required. The ID of the Instance to find related entities for. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
timeRange

object (Interval)

Required. Time range to search related entities for [inclusive start time, exclusive end time).
pageSize

integer

The maximum number of Entities to return. The service may return fewer than this value. If unspecified, at most 100 entities will be returned. The maximum value is 100; values above 100 will be coerced to 100.
pageToken

string

A page token received from a previous SummarizeEntityRequest call. Provide this to retrieve the subsequent page.
entityTypes[]

enum (EntityType)

Optional. Entity types to filter related entities by. If unspecified, will return all related entities for the given entity.
domainType

enum (DomainType)

Optional. The domain type to retrieve. This is taken into account when the entity type is specified as "DOMAIN_NAME".
excludeFirstLastSeen

boolean

Optional. If true, then the related entities will not have first/last seen info and reduce latency of endpoint.
includeAllUdmEventTypesForFirstLastSeen

boolean

Optional. If true, it includes all types of events we show in UDM Search to calculate the first and last seen time of an entity.

Union parameter id.

id can be only one of the following:
entityId

string

ID of the entity.
fieldAndValue

object (FieldAndValue)

Field path and value to identify entity.

Request body

The request body must be empty.

Response body

Response message for finding related entities.

If successful, the response body contains data with the following structure:

JSON representation 
{
  "related_entities": [
    {
      object (Entity)
    }
  ],
  "next_page_token": string,
  "has_more_entities": boolean,
  "result_time_range": {
    object (Interval)
  }
}
Fields
related_entities[]

object (Entity)

List of related entities.
next_page_token

string

A token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.
has_more_entities

boolean

Indicates if there are more related_entities available but were not returned due to the page_size.
result_time_range

object (Interval)

Time range of related entities

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.entities.findRelatedEntities

For more information, see the IAM documentation.

DomainType

Domain Type.

Enums
DOMAIN_TYPE_UNSPECIFIED Unspecified.
DOMAIN_TYPE_SIBLING Sibling domain.
DOMAIN_TYPE_SUBDOMAIN Subdomain.