Access your security data programmatically.
Detection Engine API
Create, run, and manage Detection Engine rules.
Feed Management API
Create, run, and manage data feeds to send your logs to Chronicle.
Send device logs to Chronicle programmatically using the Ingestion API.
Google Cloud Threat Intelligence API
Get and list your Google Cloud Threat Intelligence alerts from your Chronicle account programmatically.
Role-based access control (RBAC) enables you to tailor access to Chronicle features based on an employee's role in your organization.
Unified Data Model field list
List of fields in the Unified Data Model (UDM).
Unified Data Model usage guide
More detailed descriptions of the Unified Data Model (UDM) fields, including the required and optional attributes depending on the event type.
Supported data sets
Supported vendor and device logs that can be ingested into Chronicle.
Supported default parsers
Vendor and device logs with default parsers in Chronicle.
Information on the audit logs created by Chronicle as part of Cloud Audit Logs.
Chronicle health metrics schema
Schema description of the ingestion_metric table in BigQuery.
Ingestion metrics Explore field reference
Description of the fields that appear in the Ingestion metrics Explore interface.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.