Method: instances.findRelatedEntities

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
DomainType
Try it!

Full name: projects.locations.instances.findRelatedEntities

Finds all the entities associated with provided entity.

HTTP request

Choose a location:

Path parameters

Parameters

Parameters
`instance`	`string` Required. The name of the parent resource, which is the SecOps instance to find related entities for. Format: `projects/{project}/locations/{location}/instances/{instance}`

instance

string

Required. The name of the parent resource, which is the SecOps instance to find related entities for. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
`timeRange`	`object (Interval)` Required. Time range to search related entities for [inclusive start time, exclusive end time).
`pageSize`	`integer` The maximum number of Entities to return. The service may return fewer than this value. If unspecified, at most 100 entities will be returned. The maximum value is 100; values above 100 will be coerced to 100.
`pageToken`	`string` A page token received from a previous `SummarizeEntityRequest` call. Provide this to retrieve the subsequent page.
`entityTypes[]`	`enum (EntityType)` Optional. Entity types to filter related entities by. If unspecified, will return all related entities for the given entity.
`domainType`	`enum (DomainType)` Optional. The domain type to retrieve. This is taken into account when the entity type is specified as "DOMAIN_NAME".
`excludeFirstLastSeen`	`boolean` Optional. If true, then the related entities will not have first/last seen info and reduce latency of endpoint.
`includeAllUdmEventTypesForFirstLastSeen`	`boolean` Optional. If true, it includes all types of events we show in UDM Search to calculate the first and last seen time of an entity.
Union parameter `id`. Identifier to find the entity. `id` can be only one of the following:
`entityId`	`string` ID of the entity.
`fieldAndValue`	`object (FieldAndValue)` Field path and value to identify entity.

Request body

The request body must be empty.

Response body

Response message for finding related entities.

If successful, the response body contains data with the following structure:

JSON representation
{ "relatedEntities": [ { object (`Entity`) } ], "nextPageToken": string, "hasMoreEntities": boolean, "resultTimeRange": { object (`Interval`) } }

Fields
`relatedEntities[]`	`object (Entity)` List of related entities.
`nextPageToken`	`string` A token, which can be sent as `pageToken` to retrieve the next page. If this field is omitted, there are no subsequent pages.
`hasMoreEntities`	`boolean` Indicates if there are more relatedEntities available but were not returned due to the `pageSize`.
`resultTimeRange`	`object (Interval)` Time range of related entities

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.entities.findRelatedEntities

For more information, see the IAM documentation.

DomainType

Domain Type.

Enums
`DOMAIN_TYPE_UNSPECIFIED`	Unspecified.
`DOMAIN_TYPE_SIBLING`	Sibling domain.
`DOMAIN_TYPE_SUBDOMAIN`	Subdomain.