ExplorationOptions

{
  "grouping_threshold": integer,
  "page_size": integer,
  "page_token": string,
  "explore_sampled_events": boolean,
  "detection_view": enum (DetectionView),
  "alert_only": boolean,
  "node_view": enum (NodeView)
}

integer

Optional. The threshold to group individual nodes into a group node. For example: If the threshold is 5 and there are > 5 individual nodes belonging to the same group found in the expansion, then a group node indicating the group information will be returned instead of these individual nodes. The default threshold is 2. The threshold only applies to grouping detection nodes from an entity node expansion. Grouping entity nodes is not supported while rule-related detections are always grouped by a threshold of 1.

integer

Optional. The limit of the total nodes(individual nodes + group nodes) will be returned in the expansion. If unspecified, at most 5 nodes will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. Pagination applies to the nodes in the response and the edges that touch those nodes.

string

Optional. A page token, received from a previous call. Pagination applies to the nodes in the response and the edges that touch those nodes. Provide this to retrieve the subsequent nodes.

When paginating, all other parameters provided in the ExplorationOptions must match the options in the call that provided the page token.

boolean

Optional. Whether looking for related resources associated with indicators from sampled events or from Outcome/Match variables. False by default.

enum (DetectionView)

Optional. The view field indicates the scope of reference fields to populate for the detection being returned. If unspecified, defaults to EVENT_ONLY.

boolean

Optional. Whether to retrieve alerting detections only. False by default.

enum (NodeView)

Optional. The view field indicates the fields to populate when returning a node.