Chronicle API

The Google Cloud Security Operations API (Chronicle API) provides endpoints that help analysts investigate and mitigate security threats throughout their lifecycle.

Service: chronicle.googleapis.com

Service endpoint

A service endpoint is the base URL that specifies the network address of an API service. A single service can have multiple service endpoints. Chronicle is a regional service and only supports regional endpoints. Requests sent to the global chronicle.googleapis.com endpoint will fail with a `404` error. To find your regional endpoint, see Regional service endpoint.

Regional service endpoint

A regional service endpoint is a base URL that specifies the network address of an API service in a single region. A service that is available in multiple regions might have multiple regional endpoints. Select a location to see its regional service endpoint for this service.


  • https://chronicle.us.rep.googleapis.com

    • REST Resource: v1beta.projects.locations.instances

    Methods
    get GET /v1beta/{name}
    Gets an instance.

    REST Resource: v1beta.projects.locations.instances.dataAccessLabels

    Methods
    create POST /v1beta/{parent}/dataAccessLabels
    Creates a data access label.
    delete DELETE /v1beta/{name}
    Deletes a data access label.
    get GET /v1beta/{name}
    Gets a data access label.
    list GET /v1beta/{parent}/dataAccessLabels
    Lists all data access labels for the customer.
    patch PATCH /v1beta/{dataAccessLabel.name}
    Updates a data access label.

    REST Resource: v1beta.projects.locations.instances.dataAccessScopes

    Methods
    create POST /v1beta/{parent}/dataAccessScopes
    Creates a data access scope.
    delete DELETE /v1beta/{name}
    Deletes a data access scope.
    get GET /v1beta/{name}
    Retrieves an existing data access scope.
    list GET /v1beta/{parent}/dataAccessScopes
    Lists all existing data access scopes for the customer.
    patch PATCH /v1beta/{dataAccessScope.name}
    Updates a data access scope.

    REST Resource: v1beta.projects.locations.instances.operations

    Methods
    cancel POST /v1beta/{name}:cancel
    Starts asynchronous cancellation on a long-running operation.
    delete DELETE /v1beta/{name}
    Deletes a long-running operation.
    get GET /v1beta/{name}
    Gets the latest state of a long-running operation.
    list GET /v1beta/{name}/operations
    Lists operations that match the specified filter in the request.

    REST Resource: v1beta.projects.locations.instances.referenceLists

    Methods
    create POST /v1beta/{parent}/referenceLists
    Creates a new reference list.
    get GET /v1beta/{name}
    Gets a single reference list.
    list GET /v1beta/{parent}/referenceLists
    Lists a collection of reference lists.
    patch PATCH /v1beta/{referenceList.name}
    Updates an existing reference list.

    REST Resource: v1beta.projects.locations.instances.rules

    Methods
    create POST /v1beta/{parent}/rules
    Creates a new Rule.
    delete DELETE /v1beta/{name}
    Deletes a Rule.
    get GET /v1beta/{name}
    Gets a Rule.
    getDeployment GET /v1beta/{name}
    Gets a RuleDeployment.
    list GET /v1beta/{parent}/rules
    Lists Rules.
    listRevisions GET /v1beta/{name}:listRevisions
    Lists all revisions of the rule.
    patch PATCH /v1beta/{rule.name}
    Updates a Rule.
    updateDeployment PATCH /v1beta/{ruleDeployment.name}
    Updates a RuleDeployment.

    REST Resource: v1beta.projects.locations.instances.rules.deployments

    Methods
    list GET /v1beta/{parent}/deployments
    Lists RuleDeployments across all Rules.

    REST Resource: v1beta.projects.locations.instances.rules.retrohunts

    Methods
    create POST /v1beta/{parent}/retrohunts
    Create a Retrohunt.
    get GET /v1beta/{name}
    Get a Retrohunt.
    list GET /v1beta/{parent}/retrohunts
    List Retrohunts.

    REST Resource: v1beta.projects.locations.instances.watchlists

    Methods
    create POST /v1beta/{parent}/watchlists
    Creates a watchlist for the given instance.
    delete DELETE /v1beta/{name}
    Deletes the watchlist for the given instance.
    get GET /v1beta/{name}
    Gets watchlist details for the given watchlist ID.
    list GET /v1beta/{parent}/watchlists
    Lists all watchlists for the given instance.
    patch PATCH /v1beta/{watchlist.name}
    Updates the watchlist for the given instance.

    REST Resource: v1alpha.projects.locations.instances

    Methods
    batchValidateWatchlistEntities POST /v1alpha/{parent}:batchValidateWatchlistEntities
    Validates a batch of entities that could be added into watchlist under an instance.
    computeAllFindingsRefinementActivities POST /v1alpha/{instance}:computeAllFindingsRefinementActivities
    Returns findings refinement activity for all findings refinements.
    countAllCuratedRuleSetDetections POST /v1alpha/{instance}:countAllCuratedRuleSetDetections
    Count detections across all curated rule sets.
    createFeedback POST /v1alpha/{instance}:createFeedback
    RPC to submit user feedback on content generated by AI services.
    delete DELETE /v1alpha/{name}
    DeleteInstance deletes an Instance.
    extractSyslog POST /v1alpha/{instance}:extractSyslog
    ExtractSyslog extracts structured part of log from a unstructured log by running a grok regex over it.
    fetchFederationAccess GET /v1alpha/{name}:fetchFederationAccess
    FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances.
    findEntity GET /v1alpha/{instance}:findEntity
    Identifies the entity type and retrieves relevant data associated with a specified indicator.
    findEntityAlerts GET /v1alpha/{instance}:findEntityAlerts
    Get alerts for an entity
    findRelatedEntities GET /v1alpha/{instance}:findRelatedEntities
    Finds all the entities associated with provided entity.
    findUdmFieldValues GET /v1alpha/{instance}:findUdmFieldValues
    Finds ingested UDM field values that match a query.
    generateCollectionAgentAuth POST /v1alpha/{name}:generateCollectionAgentAuth
    GenerateCollectionAgentAuth generates an auth json file for the collection agent.
    generateSoarAuthJwt POST /v1alpha/{name}:generateSoarAuthJwt
    GenerateSoarAuthJwt signs a jwt in order to proceed with jwt exchange based authenticate with soar.
    generateUdmKeyValueMappings POST /v1alpha/{instance}:generateUdmKeyValueMappings
    GenerateUDMKeyValueMappings generates key value mapping of a raw log.
    generateWorkspaceConnectionToken POST /v1alpha/{name}:generateWorkspaceConnectionToken
    Generates a token that can be used to connect a workspace customer to a chronicle instance
    get GET /v1alpha/{name}
    Gets a Instance.
    getBigQueryExport GET /v1alpha/{name}
    Get the BigQuery export configuration for a Chronicle instance.
    getMultitenantDirectory GET /v1alpha/{name}
    Gets the super and subtenants and gets the current tenant name.
    getRiskConfig GET /v1alpha/{name}
    Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score.
    listAllFindingsRefinementDeployments GET /v1alpha/{instance}:listAllFindingsRefinementDeployments
    Lists all findings refinement deployments.
    queryProductSourceStats GET /v1alpha/{instance}:queryProductSourceStats
    Gets available product sources along with their stats.
    report GET /v1alpha/{name}:report
    Generate a report summarizing this chronicle instance.
    searchEntities GET /v1alpha/{instance}:searchEntities
    Identifies the entity type and retrieves relevant data associated with a specified indicator.
    searchRawLogs POST /v1alpha/{instance}:searchRawLogs
    Api to get events, entities, or unparsed raw logs matching the given raw log query.
    summarizeEntitiesFromQuery GET /v1alpha/{instance}:summarizeEntitiesFromQuery
    Parses the query and identifies the entities contained within the search query.
    summarizeEntity GET /v1alpha/{instance}:summarizeEntity
    Returns all entity data over specified time.
    testFindingsRefinement POST /v1alpha/{instance}:testFindingsRefinement
    Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created.
    translateUdmQuery POST /v1alpha/{instance}:translateUdmQuery
    Translate natural language to a UDM Search query.
    translateYlRule POST /v1alpha/{instance}:translateYlRule
    Translate natural language to a Yara-L rule.
    udmSearch GET /v1alpha/{instance}:udmSearch
    Performs a UDM search that returns matching events for the query.
    undelete POST /v1alpha/{name}:undelete
    UndeleteInstance undeletes a soft-deleted Instance.
    updateBigQueryExport PATCH /v1alpha/{bigQueryExport.name}
    Update the BigQuery export configuration for a Chronicle instance.
    updateRiskConfig PATCH /v1alpha/{riskConfig.name}
    Updates RiskConfig used for the computation of Entity Risk Score.
    validateQuery GET /v1alpha/{instance}:validateQuery
    Validates UDM search query by compiling the query.
    verifyReferenceList POST /v1alpha/{instance}:verifyReferenceList
    VerifyReferenceList validates list content and returns line errors, if any.
    verifyRuleText POST /v1alpha/{instance}:verifyRuleText
    Verifies the given rule text.

    REST Resource: v1alpha.projects.locations.instances.analytics

    Methods
    list GET /v1alpha/{parent}/analytics
    Lists all supported analytics for APIs which can filter by analytic type, such as ListAnalyticValues.

    REST Resource: v1alpha.projects.locations.instances.analytics.entities.analyticValues

    Methods
    list GET /v1alpha/{parent}/analyticValues
    Lists analytic values.

    REST Resource: v1alpha.projects.locations.instances.bigQueryAccess

    Methods
    provide POST /v1alpha/{parent}/bigQueryAccess:provide
    Provide BigQuery access for the given email.

    REST Resource: v1alpha.projects.locations.instances.bigQueryExport

    Methods
    provision POST /v1alpha/{parent}/bigQueryExport:provision
    Provision the BigQuery export for a Chronicle instance.

    REST Resource: v1alpha.projects.locations.instances.cases

    Methods
    countPriorities GET /v1alpha/{parent}/cases:countPriorities
    Count a selection of cases by priority.

    REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories

    Methods
    get GET /v1alpha/{name}
    Gets a CuratedRuleSetCategory.
    list GET /v1alpha/{parent}/curatedRuleSetCategories
    Lists CuratedRuleSetCategories.

    REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories.curatedRuleSets

    Methods
    countCuratedRuleSetDetections POST /v1alpha/{name}:countCuratedRuleSetDetections
    Counts the detections generated by a CuratedRuleSet.
    get GET /v1alpha/{name}
    Gets a CuratedRuleSet.
    list GET /v1alpha/{parent}/curatedRuleSets
    Lists CuratedRuleSets.

    REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories.curatedRuleSets.curatedRuleSetDeployments

    Methods
    batchUpdate POST /v1alpha/{parent}/curatedRuleSetDeployments:batchUpdate
    Update multiple deployments of curated rule sets.
    get GET /v1alpha/{name}
    Get a deployment of a curated rule set.
    list GET /v1alpha/{parent}/curatedRuleSetDeployments
    Lists deployments for a curated rule set.
    patch PATCH /v1alpha/{curatedRuleSetDeployment.name}
    Update a deployment of a curated rule set.

    REST Resource: v1alpha.projects.locations.instances.curatedRules

    Methods
    get GET /v1alpha/{name}
    Gets a CuratedRule.
    list GET /v1alpha/{parent}/curatedRules
    Lists CuratedRules.

    REST Resource: v1alpha.projects.locations.instances.dashboardCharts

    Methods
    batchGet GET /v1alpha/{parent}/dashboardCharts:batchGet
    Get dashboard charts in batches.
    get GET /v1alpha/{name}
    Get a dashboard chart.

    REST Resource: v1alpha.projects.locations.instances.dashboardQueries

    Methods
    execute POST /v1alpha/{parent}/dashboardQueries:execute
    Execute a query and return the data.
    get GET /v1alpha/{name}
    Get a dashboard query.

    REST Resource: v1alpha.projects.locations.instances.dashboards

    Methods
    copy POST /v1alpha/{name}:copy
    Copy a dashboard of one type to a dashbooard of another type.
    create POST /v1alpha/{parent}/dashboards
    Create a dashboard.
    delete DELETE /v1alpha/{name}
    Delete a dashboard.
    get GET /v1alpha/{name}
    Get a dashboard.
    list GET /v1alpha/{parent}/dashboards
    List all dashboards.

    REST Resource: v1alpha.projects.locations.instances.dataAccessLabels

    Methods
    create POST /v1alpha/{parent}/dataAccessLabels
    Creates a data access label.
    delete DELETE /v1alpha/{name}
    Deletes a data access label.
    get GET /v1alpha/{name}
    Gets a data access label.
    list GET /v1alpha/{parent}/dataAccessLabels
    Lists all data access labels for the customer.
    patch PATCH /v1alpha/{dataAccessLabel.name}
    Updates a data access label.

    REST Resource: v1alpha.projects.locations.instances.dataAccessScopes

    Methods
    create POST /v1alpha/{parent}/dataAccessScopes
    Creates a data access scope.
    delete DELETE /v1alpha/{name}
    Deletes a data access scope.
    get GET /v1alpha/{name}
    Retrieves an existing data access scope.
    list GET /v1alpha/{parent}/dataAccessScopes
    Lists all existing data access scopes for the customer.
    patch PATCH /v1alpha/{dataAccessScope.name}
    Updates a data access scope.

    REST Resource: v1alpha.projects.locations.instances.dataExports

    Methods
    cancel POST /v1alpha/{name}:cancel
    Cancels a DataExport.
    create POST /v1alpha/{parent}/dataExports
    Creates a new DataExport.
    fetchavailablelogtypes POST /v1alpha/{parent}/dataExports:fetchavailablelogtypes
    Fetches available log types for export.
    get GET /v1alpha/{name}
    Gets a DataExport.

    REST Resource: v1alpha.projects.locations.instances.dataTableOperationErrors

    Methods
    get GET /v1alpha/{name}
    Get the error for a data table operation.

    REST Resource: v1alpha.projects.locations.instances.dataTables

    Methods
    create POST /v1alpha/{parent}/dataTables
    Create a new data table.
    delete DELETE /v1alpha/{name}
    Delete data table.
    get GET /v1alpha/{name}
    Get data table info.
    list GET /v1alpha/{parent}/dataTables
    List data tables.
    patch PATCH /v1alpha/{dataTable.name}
    Update data table.
    upload POST /v1alpha/{parent}/dataTables:bulkCreateDataTableAsync
    POST /upload/v1alpha/{parent}/dataTables:bulkCreateDataTableAsync
    Create data table from a bulk file.

    REST Resource: v1alpha.projects.locations.instances.dataTables.dataTableRows

    Methods
    bulkCreate POST /v1alpha/{parent}/dataTableRows:bulkCreate
    Create data table rows in bulk.
    bulkCreateAsync POST /v1alpha/{parent}/dataTableRows:bulkCreateAsync
    Create data table rows in bulk asynchronously.
    bulkGet POST /v1alpha/{parent}/dataTableRows:bulkGet
    Get data table rows in bulk.
    bulkReplace POST /v1alpha/{parent}/dataTableRows:bulkReplace
    Replace all existing data table rows with new data table rows.
    bulkReplaceAsync POST /v1alpha/{parent}/dataTableRows:bulkReplaceAsync
    Replace all existing data table rows with new data table rows asynchronously.
    bulkUpdate POST /v1alpha/{parent}/dataTableRows:bulkUpdate
    Update data table rows in bulk.
    bulkUpdateAsync POST /v1alpha/{parent}/dataTableRows:bulkUpdateAsync
    Update data table rows in bulk asynchronously.
    create POST /v1alpha/{parent}/dataTableRows
    Create a new data table row.
    delete DELETE /v1alpha/{name}
    Delete data table row.
    get GET /v1alpha/{name}
    Get data table row
    list GET /v1alpha/{parent}/dataTableRows
    List data table rows.
    patch PATCH /v1alpha/{dataTableRow.name}
    Update data table row

    REST Resource: v1alpha.projects.locations.instances.dataTaps

    Methods
    create POST /v1alpha/{parent}/dataTaps
    Creates a DataTap.
    delete DELETE /v1alpha/{name}
    Deletes a DataTap.
    get GET /v1alpha/{name}
    Gets a DataTap.
    list GET /v1alpha/{parent}/dataTaps
    Lists DataTaps.
    patch PATCH /v1alpha/{dataTap.name}
    Updates a DataTap.

    REST Resource: v1alpha.projects.locations.instances.enrichmentControls

    Methods
    create POST /v1alpha/{parent}/enrichmentControls
    Create an EnrichmentControl resource.
    delete DELETE /v1alpha/{name}
    Delete an EnrichmentControl.
    get GET /v1alpha/{name}
    Get an EnrichmentControl.
    list GET /v1alpha/{parent}/enrichmentControls
    List all EnrichmentControls.

    REST Resource: v1alpha.projects.locations.instances.entities

    Methods
    get GET /v1alpha/{name}
    Gets an entity by name.
    import POST /v1alpha/{parent}/entities:import
    ImportEntities import the entities.
    modifyEntityRiskScore POST /v1alpha/{name}:modifyEntityRiskScore
    Modify base entity risk score for an entity.
    queryEntityRiskScoreModifications GET /v1alpha/{name}:queryEntityRiskScoreModifications
    Query modifications to base entity risk score for an entity.

    REST Resource: v1alpha.projects.locations.instances.entityRiskScores

    Methods
    query GET /v1alpha/{instance}/entityRiskScores:query
    Queries the instance for EntityRiskScores.

    REST Resource: v1alpha.projects.locations.instances.errorNotificationConfigs

    Methods
    create POST /v1alpha/{parent}/errorNotificationConfigs
    Creates a new error notification config for the customer
    delete DELETE /v1alpha/{name}
    Deletes an error notification config.
    get GET /v1alpha/{name}
    Gets a single error notification config.
    list GET /v1alpha/{parent}/errorNotificationConfigs
    Lists error notification configurations for the customer.
    patch PATCH /v1alpha/{errorNotificationConfig.name}
    Updates an error notification config.

    REST Resource: v1alpha.projects.locations.instances.events

    Methods
    batchGet GET /v1alpha/{parent}/events:batchGet
    Gets a batch (list) of events given a list of names and a parent.
    get GET /v1alpha/{name}
    Gets an event given a name.
    import POST /v1alpha/{parent}/events:import
    ImportEvents import the events.

    REST Resource: v1alpha.projects.locations.instances.federationGroups

    Methods
    create POST /v1alpha/{parent}/federationGroups
    CreateFederationGroup method creates a new Federation group.
    delete DELETE /v1alpha/{name}
    DeleteFederationGroup method deletes a Federation group.
    get GET /v1alpha/{name}
    GetFederationGroup method gets a Federation group.
    list GET /v1alpha/{parent}/federationGroups
    ListFederationGroups method lists all Federation groups.
    patch PATCH /v1alpha/{federationGroup.name}
    UpdateFederationGroup method updates a Federation group.

    REST Resource: v1alpha.projects.locations.instances.feedPacks

    Methods
    get GET /v1alpha/{name}
    Gets a feed pack.
    list GET /v1alpha/{parent}/feedPacks
    Lists Packs for which feeds can be configured.

    REST Resource: v1alpha.projects.locations.instances.feedServiceAccounts

    Methods
    fetchServiceAccountForCustomer GET /v1alpha/{parent}/feedServiceAccounts:fetchServiceAccountForCustomer
    Fetch Chronicle's service account used for ingesting data from Cloud Storage buckets.

    REST Resource: v1alpha.projects.locations.instances.feedSourceTypeSchemas

    Methods
    list GET /v1alpha/{parent}/feedSourceTypeSchemas
    List all FeedSourceTypeSchemas.

    REST Resource: v1alpha.projects.locations.instances.feedSourceTypeSchemas.logTypeSchemas

    Methods
    list GET /v1alpha/{parent}/logTypeSchemas
    List all LogTypeSchemas compatible with a given FeedSourceType.

    REST Resource: v1alpha.projects.locations.instances.feeds

    Methods
    create POST /v1alpha/{parent}/feeds
    Creates a feed.
    delete DELETE /v1alpha/{name}
    Deletes a feed.
    disable POST /v1alpha/{name}:disable
    Disable feed for ingestion.
    enable POST /v1alpha/{name}:enable
    Enable feed for ingestion.
    generateSecret POST /v1alpha/{name}:generateSecret
    Generates a new secret for https push feeds which do not support jwt tokens.
    get GET /v1alpha/{name}
    Gets a feed.
    importPushLogs POST /v1alpha/{parent}:importPushLogs
    Import logs coming from https push feeds.
    list GET /v1alpha/{parent}/feeds
    Lists all feeds for the customer.
    patch PATCH /v1alpha/{feed.name}
    Updates the full feed.
    scheduleTransfer POST /v1alpha/{name}:scheduleTransfer
    Schedules a feed transfer for the feed.

    REST Resource: v1alpha.projects.locations.instances.findingsGraph

    Methods
    exploreNode GET /v1alpha/{name}:exploreNode
    Explores a node to find related nodes if it is an IndividualNode or retrieve the individual nodes within the group if it is a GroupNode and return a graph composed by the nodes and their edges over a time range.
    initializeGraph GET /v1alpha/{name}:initializeGraph
    Initialize a graph from a resource such as a detection or an entity.

    REST Resource: v1alpha.projects.locations.instances.findingsRefinements

    Methods
    computeFindingsRefinementActivity POST /v1alpha/{name}:computeFindingsRefinementActivity
    Returns findings refinement activity for a specific findings refinement.
    create POST /v1alpha/{parent}/findingsRefinements
    Creates a new findings refinement.
    get GET /v1alpha/{name}
    Gets a single findings refinement.
    getDeployment GET /v1alpha/{name}
    Gets a findings refinement deployment.
    list GET /v1alpha/{parent}/findingsRefinements
    Lists a collection of findings refinements.
    patch PATCH /v1alpha/{findingsRefinement.name}
    Updates a findings refinement.
    updateDeployment PATCH /v1alpha/{findingsRefinementDeployment.name}
    Updates a findings refinement deployment.

    REST Resource: v1alpha.projects.locations.instances.forwarders

    Methods
    create POST /v1alpha/{parent}/forwarders
    Create a forwarder.
    delete DELETE /v1alpha/{name}
    Delete a forwarder by forwarder ID.
    generateForwarderFiles GET /v1alpha/{name}:generateForwarderFiles
    Generates a forwarder's configuration files.
    get GET /v1alpha/{name}
    Get a forwarder by forwarder ID.
    importStatsEvents POST /v1alpha/{name}:importStatsEvents
    ImportStatsEvents imports stats events from a forwarder.
    list GET /v1alpha/{parent}/forwarders
    List all forwarders for the instance.
    patch PATCH /v1alpha/{forwarder.name}
    Update a forwarder.

    REST Resource: v1alpha.projects.locations.instances.forwarders.collectors

    Methods
    create POST /v1alpha/{parent}/collectors
    Create a collector.
    delete DELETE /v1alpha/{name}
    Delete a collector by collector ID.
    get GET /v1alpha/{name}
    Get a collector by collector ID.
    list GET /v1alpha/{parent}/collectors
    List all collectors for the forwarder.
    patch PATCH /v1alpha/{collector.name}
    Update a collector.

    REST Resource: v1alpha.projects.locations.instances.ingestionLogLabels

    Methods
    get GET /v1alpha/{name}
    Gets an ingestion log label.
    list GET /v1alpha/{parent}/ingestionLogLabels
    Returns the ingestion log labels for the customer.

    REST Resource: v1alpha.projects.locations.instances.ingestionLogNamespaces

    Methods
    get GET /v1alpha/{name}
    Gets an ingestion log namespace.
    list GET /v1alpha/{parent}/ingestionLogNamespaces
    Lists ingestion log namespaces for the customer.

    REST Resource: v1alpha.projects.locations.instances.iocs

    Methods
    batchGet GET /v1alpha/{parent}/iocs:batchGet
    Gets a batch (list) of iocs given a list of names and a parent.
    findFirstAndLastSeen GET /v1alpha/{name}:findFirstAndLastSeen
    FindFirstAndLastSeen for an Ioc.
    get GET /v1alpha/{name}
    Get an Ioc.
    getIocState GET /v1alpha/{name}
    Gets the status of an ioc
    searchCuratedDetectionsForIoc GET /v1alpha/{name}:searchCuratedDetectionsForIoc
    Search curated detections for an Ioc.
    updateIocState PATCH /v1alpha/{iocState.name}
    Update an Ioc state.

    REST Resource: v1alpha.projects.locations.instances.legacy

    Methods
    legacyBatchGetCases GET /v1alpha/{instance}/legacy:legacyBatchGetCases
    RPC for fetching cases for the given caseNames.
    legacyBatchGetCollections GET /v1alpha/{instance}/legacy:legacyBatchGetCollections
    RPC for getting a batch of collections based on their Collection Ids.
    legacyCreateOrUpdateCase POST /v1alpha/{instance}/legacy:legacyCreateOrUpdateCase
    Legacy RPC for creating or updating an existing case.
    legacyCreateSoarAlert POST /v1alpha/{instance}/legacy:legacyCreateSoarAlert
    RPC for creating a SOAR alert.
    legacyFetchAlertsView GET /v1alpha/{instance}/legacy:legacyFetchAlertsView
    Legacy streaming endpoint for getting alerts (and in some cases, non-alerting detections) along with aggregated fields that match the query.
    legacyFetchUdmSearchCsv POST /v1alpha/{instance}/legacy:legacyFetchUdmSearchCsv
    Legacy endpoint for fetching csv rows for matching UDM search.
    legacyFetchUdmSearchView POST /v1alpha/{instance}/legacy:legacyFetchUdmSearchView
    Legacy endpoint for fetching events, filters, and histograms matching UDM search.
    legacyFindAssetEvents GET /v1alpha/{instance}/legacy:legacyFindAssetEvents
    Legacy endpoint for getting events for an asset indicator.
    legacyFindRawLogs GET /v1alpha/{instance}/legacy:legacyFindRawLogs
    Legacy endpoint for getting events for a raw log search query.
    legacyFindUdmEvents GET /v1alpha/{instance}/legacy:legacyFindUdmEvents
    Legacy endpoint for finding UDM/entity events using tokens or ids.
    legacyGetAlert GET /v1alpha/{instance}/legacy:legacyGetAlert
    RPC for fetching an alert based on its Alert Id.
    legacyGetCuratedRulesTrends GET /v1alpha/{instance}/legacy:legacyGetCuratedRulesTrends
    Legacy RPC for listing detection counts and last detection timestamp for a list of Curated Rule ids.
    legacyGetDetection GET /v1alpha/{instance}/legacy:legacyGetDetection
    Legacy endpoint for fetching a Detection.
    legacyGetEventForDetection GET /v1alpha/{instance}/legacy:legacyGetEventForDetection
    Legacy endpoint for getting event for curated detection.
    legacyGetRuleCounts GET /v1alpha/{instance}/legacy:legacyGetRuleCounts
    RPC to get rule counts.
    legacyGetRulesTrends GET /v1alpha/{instance}/legacy:legacyGetRulesTrends
    Legacy RPC for listing detection counts and last detection timestamp for a list of user-defined rule ids.
    legacyRunTestRule POST /v1alpha/{instance}/legacy:legacyRunTestRule
    Legacy RPC to test a rule and stream back the responses.
    legacySearchArtifactEvents GET /v1alpha/{instance}/legacy:legacySearchArtifactEvents
    Legacy endpoint for getting events for a given artifact.
    legacySearchArtifactIoCDetails GET /v1alpha/{instance}/legacy:legacySearchArtifactIoCDetails
    Rpc to search for IoC details for a particular artifact.
    legacySearchAssetEvents GET /v1alpha/{instance}/legacy:legacySearchAssetEvents
    Legacy endpoint for getting events for a given asset.
    legacySearchCuratedDetections GET /v1alpha/{instance}/legacy:legacySearchCuratedDetections
    Legacy endpoint for searcing detections for a Curated Rule.
    legacySearchCustomerStats POST /v1alpha/{instance}/legacy:legacySearchCustomerStats
    LegacySearchCustomerStats gets data collection stats about a customer, e.g., the first time data was seen from a customer, the last time, etc.
    legacySearchDetections GET /v1alpha/{instance}/legacy:legacySearchDetections
    Legacy endpoint for searching detections for a rule version.
    legacySearchDomainsRecentlyRegistered GET /v1alpha/{instance}/legacy:legacySearchDomainsRecentlyRegistered
    Given a list of domain names and a time, returns only the domains that were recently registered relative to that time.
    legacySearchDomainsTimingStats GET /v1alpha/{instance}/legacy:legacySearchDomainsTimingStats
    Given a list of domain names, returns time-related statistics for those domains (ex: the first seen in the enterprise time).
    legacySearchEnterpriseWideAlerts GET /v1alpha/{instance}/legacy:legacySearchEnterpriseWideAlerts
    RPC for getting all alerts in a time range in legacy page site.
    legacySearchEnterpriseWideIoCs GET /v1alpha/{instance}/legacy:legacySearchEnterpriseWideIoCs
    RPC for listing IoC matches against ingested events.
    legacySearchFindings GET /v1alpha/{instance}/legacy:legacySearchFindings
    Legacy endpoint for listing Findings.
    legacySearchIngestionStats POST /v1alpha/{instance}/legacy:legacySearchIngestionStats
    LegacySearchIngestionStats gets data ingestion stats about a given customer, e.g.
    legacySearchIoCInsights GET /v1alpha/{instance}/legacy:legacySearchIoCInsights
    Rpc to list IoC insights on given artifacts.
    legacySearchRawLogs GET /v1alpha/{instance}/legacy:legacySearchRawLogs
    Legacy endpoint for getting events for a raw log search.
    legacySearchRuleDetectionCountBuckets GET /v1alpha/{instance}/legacy:legacySearchRuleDetectionCountBuckets
    Legacy endpoint for listing detection count buckets for a Rules Engine rule.
    legacySearchRuleDetectionEvents GET /v1alpha/{instance}/legacy:legacySearchRuleDetectionEvents
    Legacy RPC for listing events associated with a particular Detection generated by a Rules Engine rule.
    legacySearchRuleResults GET /v1alpha/{instance}/legacy:legacySearchRuleResults
    Legacy endpoint for listing aggregated results for a Rules Engine rule.
    legacySearchRulesAlerts GET /v1alpha/{instance}/legacy:legacySearchRulesAlerts
    RPC to get the list of Rules Enginer generated alerts for a customer.
    legacySearchUserEvents GET /v1alpha/{instance}/legacy:legacySearchUserEvents
    Legacy endpoint for getting events for a given user.
    legacyStreamDetectionAlerts POST /v1alpha/{instance}/legacy:legacyStreamDetectionAlerts
    Legacy StreamDetectionAlerts continuously streams new detection alerts as they are discovered.
    legacyTestRuleStreaming POST /v1alpha/{instance}/legacy:legacyTestRuleStreaming
    LegacyTestRuleStreaming tests the given rule text over a specified time range and streams detections/errors back without persisting them.
    legacyUpdateAlert POST /v1alpha/{instance}/legacy:legacyUpdateAlert
    Legacy endpoint for updating an alert.

    REST Resource: v1alpha.projects.locations.instances.logTypes

    Methods
    create POST /v1alpha/{parent}/logTypes
    Create LogType.
    generateEventTypesSuggestions POST /v1alpha/{logtype}:generateEventTypesSuggestions
    GenerateEventTypesSuggestions generates event types suggestions that can be mapped by a lowcode parser.
    get GET /v1alpha/{name}
    Gets a LogType.
    getLogTypeSetting GET /v1alpha/{name}
    Gets a LogTypeSetting.
    legacySubmitParserExtension POST /v1alpha/{parent}:legacySubmitParserExtension
    LegacySubmitParserExtension creates validates and then makes the extension live.
    list GET /v1alpha/{parent}/logTypes
    Lists all LogTypes.
    patch PATCH /v1alpha/{logType.name}
    Update LogType.
    runParser POST /v1alpha/{logtype}:runParser
    RunParser runs the parser against a log and returns normalized events or any error that occurred during the normalization.
    updateLogTypeSetting PATCH /v1alpha/{logTypeSetting.name}
    UpdateLogTypeSetting updates the log type setting for a log type.

    REST Resource: v1alpha.projects.locations.instances.logTypes.logs

    Methods
    export POST /v1alpha/{parent}/logs:export
    Export log telemetry.
    get GET /v1alpha/{name}
    Gets a Log.
    import POST /v1alpha/{parent}/logs:import
    Import log telemetry.
    list GET /v1alpha/{parent}/logs
    Lists all Logs.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions

    Methods
    activate POST /v1alpha/{name}:activate
    ActivateParserExtension switches the customer to use requested parser extension, This will set the extension state to ACTIVE.
    create POST /v1alpha/{parent}/parserExtensions
    Create a parser extension.
    delete DELETE /v1alpha/{name}
    Delete a parser extension.
    get GET /v1alpha/{name}
    Get a parser extension.
    list GET /v1alpha/{parent}/parserExtensions
    List all parser extensions.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports

    Methods
    get GET /v1alpha/{name}
    Get a parser vaildation report.
    list GET /v1alpha/{parent}/extensionValidationReports
    List all parser validation reports for a parser extension.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports.validationErrors

    Methods
    list GET /v1alpha/{parent}/validationErrors
    List validation errors of a parser extension validation report.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.validationReports

    Methods
    get GET /v1alpha/{name}
    Get a validation report.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.validationReports.parsingErrors

    Methods
    list GET /v1alpha/{parent}/parsingErrors
    List parsing errors of a validation report.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parsers

    Methods
    activate POST /v1alpha/{name}:activate
    ActivateParser switches the customer to use requested parser, This will set the Parser state to ACTIVE.
    activateReleaseCandidateParser POST /v1alpha/{name}:activateReleaseCandidateParser
    ActivateReleaseCandidateParser makes the release candidate parser live for that customer.
    copy POST /v1alpha/{name}:copy
    CopyPrebuiltParser makes a copy of a prebuilt parser.
    create POST /v1alpha/{parent}/parsers
    Create a parser.
    deactivate POST /v1alpha/{name}:deactivate
    DeactivateParser deactivates the requested parser, and activates the prebuilt release parser.
    delete DELETE /v1alpha/{name}
    Delete a parser.
    get GET /v1alpha/{name}
    Get a parser.
    list GET /v1alpha/{parent}/parsers
    List all parsers.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parsers.validationReports

    Methods
    get GET /v1alpha/{name}
    Get a validation report.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parsers.validationReports.parsingErrors

    Methods
    list GET /v1alpha/{parent}/parsingErrors
    List parsing errors of a validation report.

    REST Resource: v1alpha.projects.locations.instances.logs

    Methods
    classify POST /v1alpha/{parent}/logs:classify
    Classify the logs to the corresponding logType.

    REST Resource: v1alpha.projects.locations.instances.nativeDashboards

    Methods
    addChart POST /v1alpha/{name}:addChart
    Add chart in a dashboard.
    create POST /v1alpha/{parent}/nativeDashboards
    Create a dashboard.
    delete DELETE /v1alpha/{name}
    Delete a dashboard.
    duplicate POST /v1alpha/{name}:duplicate
    Duplicate a dashboard.
    duplicateChart POST /v1alpha/{name}:duplicateChart
    Duplicate chart in a dashboard.
    editChart POST /v1alpha/{name}:editChart
    Edit chart in a dashboard.
    export POST /v1alpha/{parent}/nativeDashboards:export
    Exports the dashboards.
    get GET /v1alpha/{name}
    Get a dashboard.
    import POST /v1alpha/{parent}/nativeDashboards:import
    Imports the dashboards.
    list GET /v1alpha/{parent}/nativeDashboards
    List all dashboards.
    patch PATCH /v1alpha/{nativeDashboard.name}
    Update a dashboard.
    removeChart POST /v1alpha/{name}:removeChart
    Remove chart from a dashboard.

    REST Resource: v1alpha.projects.locations.instances.operations

    Methods
    cancel POST /v1alpha/{name}:cancel
    Starts asynchronous cancellation on a long-running operation.
    delete DELETE /v1alpha/{name}
    Deletes a long-running operation.
    get GET /v1alpha/{name}
    Gets the latest state of a long-running operation.
    list GET /v1alpha/{name}/operations
    Lists operations that match the specified filter in the request.
    streamSearch GET /v1alpha/{name}:streamSearch
    Streams the results of an in-progress search operation, or returns the final results of a completed operation.

    REST Resource: v1alpha.projects.locations.instances.referenceLists

    Methods
    create POST /v1alpha/{parent}/referenceLists
    Creates a new reference list.
    get GET /v1alpha/{name}
    Gets a single reference list.
    list GET /v1alpha/{parent}/referenceLists
    Lists a collection of reference lists.
    patch PATCH /v1alpha/{referenceList.name}
    Updates an existing reference list.

    REST Resource: v1alpha.projects.locations.instances.ruleExecutionErrors

    Methods
    list GET /v1alpha/{parent}/ruleExecutionErrors
    Lists rule execution errors.

    REST Resource: v1alpha.projects.locations.instances.rules

    Methods
    create POST /v1alpha/{parent}/rules
    Creates a new Rule.
    delete DELETE /v1alpha/{name}
    Deletes a Rule.
    get GET /v1alpha/{name}
    Gets a Rule.
    getDeployment GET /v1alpha/{name}
    Gets a RuleDeployment.
    list GET /v1alpha/{parent}/rules
    Lists Rules.
    listRevisions GET /v1alpha/{name}:listRevisions
    Lists all revisions of the rule.
    patch PATCH /v1alpha/{rule.name}
    Updates a Rule.
    updateDeployment PATCH /v1alpha/{ruleDeployment.name}
    Updates a RuleDeployment.

    REST Resource: v1alpha.projects.locations.instances.rules.deployments

    Methods
    list GET /v1alpha/{parent}/deployments
    Lists RuleDeployments across all Rules.

    REST Resource: v1alpha.projects.locations.instances.rules.retrohunts

    Methods
    create POST /v1alpha/{parent}/retrohunts
    Create a Retrohunt.
    get GET /v1alpha/{name}
    Get a Retrohunt.
    list GET /v1alpha/{parent}/retrohunts
    List Retrohunts.

    REST Resource: v1alpha.projects.locations.instances.users

    Methods
    clearConversationHistory POST /v1alpha/{name}:clearConversationHistory
    ClearConversationHistory deletes all the user's data (messages and conversations) except of feedbacks.
    getPreferenceSet GET /v1alpha/{name}
    Endpoint for getting a user's PreferenceSet
    updatePreferenceSet PATCH /v1alpha/{preferenceSet.name}
    Endpoint for updating user data saved query

    REST Resource: v1alpha.projects.locations.instances.users.conversations

    Methods
    create POST /v1alpha/{parent}/conversations
    CreateConversation is used to create a new conversation.
    delete DELETE /v1alpha/{name}
    DeleteConversation is used to delete a conversation.
    get GET /v1alpha/{name}
    GetConversation is used to retrieve an existing conversation.
    list GET /v1alpha/{parent}/conversations
    ListConversations is used to retrieve existing conversations.
    patch PATCH /v1alpha/{conversation.name}
    UpdateConversation is used to update an existing conversation.

    REST Resource: v1alpha.projects.locations.instances.users.conversations.messages

    Methods
    create POST /v1alpha/{parent}/messages
    CreateMessage is used to create a new message in a conversation.
    delete DELETE /v1alpha/{name}
    DeleteMessage is used to delete a message.
    get GET /v1alpha/{name}
    GetMessage is used to retrieve a message.
    list GET /v1alpha/{parent}/messages
    ListMessages is used to retrieve existing messages for a conversation.
    patch PATCH /v1alpha/{message.name}
    UpdateMessage is used to update an existing message.

    REST Resource: v1alpha.projects.locations.instances.users.searchQueries

    Methods
    create POST /v1alpha/{parent}/searchQueries
    Endpoint for adding a new entry to the specified collection of user data
    delete DELETE /v1alpha/{name}
    Endpoint for deleting a user data saved query entry
    get GET /v1alpha/{name}
    Endpoint for getting a user's Saved query entry
    list GET /v1alpha/{parent}/searchQueries
    Endpoint for listing the user data saved queries owned by the specified user
    patch PATCH /v1alpha/{searchQuery.name}
    Endpoint for updating user data saved query

    REST Resource: v1alpha.projects.locations.instances.watchlists

    Methods
    create POST /v1alpha/{parent}/watchlists
    Creates a watchlist for the given instance.
    delete DELETE /v1alpha/{name}
    Deletes the watchlist for the given instance.
    get GET /v1alpha/{name}
    Gets watchlist details for the given watchlist ID.
    list GET /v1alpha/{parent}/watchlists
    Lists all watchlists for the given instance.
    listEntities GET /v1alpha/{parent}:listEntities
    Lists all entities for the given watchlist.
    patch PATCH /v1alpha/{watchlist.name}
    Updates the watchlist for the given instance.

    REST Resource: v1alpha.projects.locations.instances.watchlists.entities

    Methods
    add POST /v1alpha/{parent}/entities:add
    Adds an entity in watchlist.
    batchAdd POST /v1alpha/{parent}/entities:batchAdd
    Adds a batch of entities under watchlist.
    batchRemove POST /v1alpha/{parent}/entities:batchRemove
    Removes entities in batch in the given watchlist.
    remove POST /v1alpha/{name}:remove
    Removes the entity in the given watchlist.

    REST Resource: v1.projects.locations.instances

    Methods
    get GET /v1/{name}
    Gets a Instance.

    REST Resource: v1.projects.locations.instances.dataAccessLabels

    Methods
    create POST /v1/{parent}/dataAccessLabels
    Creates a data access label.
    delete DELETE /v1/{name}
    Deletes a data access label.
    get GET /v1/{name}
    Gets a data access label.
    list GET /v1/{parent}/dataAccessLabels
    Lists all data access labels for the customer.
    patch PATCH /v1/{dataAccessLabel.name}
    Updates a data access label.

    REST Resource: v1.projects.locations.instances.dataAccessScopes

    Methods
    create POST /v1/{parent}/dataAccessScopes
    Creates a data access scope.
    delete DELETE /v1/{name}
    Deletes a data access scope.
    get GET /v1/{name}
    Retrieves an existing data access scope.
    list GET /v1/{parent}/dataAccessScopes
    Lists all existing data access scopes for the customer.
    patch PATCH /v1/{dataAccessScope.name}
    Updates a data access scope.

    REST Resource: v1.projects.locations.instances.operations

    Methods
    cancel POST /v1/{name}:cancel
    Starts asynchronous cancellation on a long-running operation.
    delete DELETE /v1/{name}
    Deletes a long-running operation.
    get GET /v1/{name}
    Gets the latest state of a long-running operation.
    list GET /v1/{name}/operations
    Lists operations that match the specified filter in the request.

    REST Resource: v1.projects.locations.instances.referenceLists

    Methods
    create POST /v1/{parent}/referenceLists
    Creates a new reference list.
    get GET /v1/{name}
    Gets a single reference list.
    list GET /v1/{parent}/referenceLists
    Lists a collection of reference lists.
    patch PATCH /v1/{referenceList.name}
    Updates an existing reference list.

    REST Resource: v1.projects.locations.instances.rules

    Methods
    create POST /v1/{parent}/rules
    Creates a new Rule.
    delete DELETE /v1/{name}
    Deletes a Rule.
    get GET /v1/{name}
    Gets a Rule.
    getDeployment GET /v1/{name}
    Gets a RuleDeployment.
    list GET /v1/{parent}/rules
    Lists Rules.
    listRevisions GET /v1/{name}:listRevisions
    Lists all revisions of the rule.
    patch PATCH /v1/{rule.name}
    Updates a Rule.
    updateDeployment PATCH /v1/{ruleDeployment.name}
    Updates a RuleDeployment.

    REST Resource: v1.projects.locations.instances.rules.deployments

    Methods
    list GET /v1/{parent}/deployments
    Lists RuleDeployments across all Rules.

    REST Resource: v1.projects.locations.instances.rules.retrohunts

    Methods
    create POST /v1/{parent}/retrohunts
    Create a Retrohunt.
    get GET /v1/{name}
    Get a Retrohunt.
    list GET /v1/{parent}/retrohunts
    List Retrohunts.

    REST Resource: v1.projects.locations.instances.watchlists

    Methods
    create POST /v1/{parent}/watchlists
    Creates a watchlist for the given instance.
    delete DELETE /v1/{name}
    Deletes the watchlist for the given instance.
    get GET /v1/{name}
    Gets watchlist details for the given watchlist ID.
    list GET /v1/{parent}/watchlists
    Lists all watchlists for the given instance.
    patch PATCH /v1/{watchlist.name}
    Updates the watchlist for the given instance.