- HTTP request
- Path parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- RuleError
- UserFacingError
- Try it!
Full name: projects.locations.instances.legacy.legacyRunTestRule
Legacy RPC to test a rule and stream back the responses. Runs the rule over the given time range and streams back detections and errors without persisting them.
HTTP request
POST https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyRunTestRule
Path parameters
Parameters | |
---|---|
instance |
Required. The Chronicle instance associated with the request. Format: projects/{project}/locations/{location}/instances/{instance} |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{
"rule_text": string,
"time_range": {
object ( |
Fields | |
---|---|
rule_text |
Required. The rule text to be tested. |
time_range |
Required. The time range the rule should be tested on. Limited to 14 days. |
max_results |
Optional. The maximum number of results to return. The service may return fewer than this value. If unspecified, at most 1000 detections will be returned. The maximum value is 10000; values above 10000 will be coerced to 10000. |
scope |
Optional. The data access scope to use to run the rule. This field is only required if data access control is enabled. |
Response body
Response message for LegacyRunTestRule.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ "detection": { object ( |
Fields | |
---|---|
detection |
Detection found for the given rule text. |
rule_compilation_failed |
Indicates if the rule failed to compile. |
rule_compilation_error |
The compilation error generated from the rule text. |
rule_error |
The rule's runtime error. |
too_many_detections |
Indicates if the request would have streamed more detections than max_results allows. |
progress_percent |
The progress percent of the run, from 0.0-100.0. |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance
resource:
chronicle.legacies.legacyRunTestRule
For more information, see the IAM documentation.
RuleError
JSON representation |
---|
{ "user_facing_error": { object ( |
Fields | |
---|---|
user_facing_error |
|
time_range |
|
id |
|
UserFacingError
JSON representation |
---|
{
"status": {
object ( |
Fields | |
---|---|
status |
|