ExplorationOptions

JSON representation
NodeView

Request options when explore an individual node.

JSON representation

JSON representation
{ "grouping_threshold": integer, "page_size": integer, "page_token": string, "explore_sampled_events": boolean, "detection_view": enum (`DetectionView`), "alert_only": boolean, "node_view": enum (`NodeView`) }

{
  "grouping_threshold": integer,
  "page_size": integer,
  "page_token": string,
  "explore_sampled_events": boolean,
  "detection_view": enum (DetectionView),
  "alert_only": boolean,
  "node_view": enum (NodeView)
}

Fields
`grouping_threshold`	`integer` Optional. The threshold to group individual nodes into a group node. For example: If the threshold is 5 and there are > 5 individual nodes belonging to the same group found in the expansion, then a group node indicating the group information will be returned instead of these individual nodes. The default threshold is 2. The threshold only applies to grouping detection nodes from an entity node expansion. Grouping entity nodes is not supported while rule-related detections are always grouped by a threshold of 1.
`page_size`	`integer` Optional. The limit of the total nodes(individual nodes + group nodes) will be returned in the expansion. If unspecified, at most 5 nodes will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. Pagination applies to the nodes in the response and the edges that touch those nodes.
`page_token`	`string` Optional. A page token, received from a previous call. Pagination applies to the nodes in the response and the edges that touch those nodes. Provide this to retrieve the subsequent nodes. When paginating, all other parameters provided in the ExplorationOptions must match the options in the call that provided the page token.
`explore_sampled_events`	`boolean` Optional. Whether looking for related resources associated with indicators from sampled events or from Outcome/Match variables. `False` by default.
`detection_view`	`enum (DetectionView)` Optional. The view field indicates the scope of reference fields to populate for the detection being returned. If unspecified, defaults to EVENT_ONLY.
`alert_only`	`boolean` Optional. Whether to retrieve alerting detections only. `False` by default.
`node_view`	`enum (NodeView)` Optional. The view field indicates the fields to populate when returning a node.

NodeView

NodeView indicates the fields to populate when returning a node.

Enums
`NODE_VIEW_UNSPECIFIED`	The default/unset value. The API will default to the NODE_VIEW_BASIC view.
`NODE_VIEW_BASIC`	Basic node view excludes the adjacent node counts and entity risk scores.
`NODE_VIEW_FULL`	Node view including everything.