PreferenceSet

JSON representation
UiPreferences
- JSON representation
SearchHistory
- JSON representation
RelativeTimeRange
- JSON representation
ColumnSet
- JSON representation
DismissibleNotification
- JSON representation
SearchPreferences
- JSON representation
DataSampleStrategy

A collection of preferences for a user.

JSON representation
{ "name": string, "uiPreferences": { object (`UiPreferences`) } }

Fields

Fields
`name`	`string` Output only. Identifier. Resource name.
`uiPreferences`	`object (UiPreferences)` Optional. Preferences for UI configuration.

name

string

Output only. Identifier. Resource name.

uiPreferences

object (UiPreferences)

Optional. Preferences for UI configuration.

UiPreferences

Collection of preferences for UI configuration.

JSON representation

JSON representation
{ "displayTimezone": string, "searchHistory": [ { object (`SearchHistory`) } ], "enableSearchHistory": boolean, "columnSets": [ { object (`ColumnSet`) } ], "pinnedFields": [ string ], "enableDuetAiChat": boolean, "languageCode": string, "dismissibleNotifications": [ { object (`DismissibleNotification`) } ], "udmFieldsViewerPinnedFields": [ string ], "enableLabs": boolean, "rulesPreferences": { string: string, ... }, "mitrePreferences": { string: string, ... }, "searchPreferences": { object (`SearchPreferences`) } }

{
  "displayTimezone": string,
  "searchHistory": [
    {
      object (SearchHistory)
    }
  ],
  "enableSearchHistory": boolean,
  "columnSets": [
    {
      object (ColumnSet)
    }
  ],
  "pinnedFields": [
    string
  ],
  "enableDuetAiChat": boolean,
  "languageCode": string,
  "dismissibleNotifications": [
    {
      object (DismissibleNotification)
    }
  ],
  "udmFieldsViewerPinnedFields": [
    string
  ],
  "enableLabs": boolean,
  "rulesPreferences": {
    string: string,
    ...
  },
  "mitrePreferences": {
    string: string,
    ...
  },
  "searchPreferences": {
    object (SearchPreferences)
  }
}

Fields
`displayTimezone`	`string` Optional. Timezone for displaying times to the user.
`searchHistory[]`	`object (SearchHistory)` Optional. Previously run search queries. This will be limited to around 20 queries by the calling UI code.
`enableSearchHistory`	`boolean` Optional. Flag for enabling saving search history. True if it is enabled.
`columnSets[]`	`object (ColumnSet)` Optional. A list of ColumnSets saved by the user.
`pinnedFields[]`	`string` Optional. A list of fields to pin at the top of the quick filters panel.
`enableDuetAiChat`	`boolean` Optional. Flag for user opt-in setting for Duet AI in Chronicle. True if user is opted-in.
`languageCode`	`string` Optional. The users's preferred language. -- Set via the URL param hl. --
`dismissibleNotifications[]`	`object (DismissibleNotification)` Optional. A list of notifications that the use can dismiss, or dismissed already.
`udmFieldsViewerPinnedFields[]`	`string` Optional. A list of fields to pin at the top of the udm fields viewer.
`enableLabs`	`boolean` Optional. Flag for user opt-in setting for SecOps Labs. True if user is opted-in.
`rulesPreferences`	`map (key: string, value: string)` Optional. Preferences for the Rules views. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
`mitrePreferences`	`map (key: string, value: string)` Optional. Preferences for the Mitre views across the app. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
`searchPreferences`	`object (SearchPreferences)` Optional. Search configuration preferences.

SearchHistory

A previously run Search Query.

JSON representation

JSON representation
{ "query": string, "timeRange": { object (`Interval`) }, "executionTime": string, "chronicleOwned": boolean, "naturalLanguageQuery": string, "displayName": string, "description": string, "searchSaveTime": string, "searchUpdateTime": string, "rawQuery": string, "placeholderNames": [ string ], "placeholderDescriptions": [ string ], "placeholderValues": [ string ], "savedSearchResource": string, "savedSearchId": string, "sharingMode": enum (`SharingMode`), "queryType": enum (`QueryType`), "caseInsensitive": boolean, "operation": string, "relativeTimeRange": { object (`RelativeTimeRange`) }, "columnSetLabel": string }

{
  "query": string,
  "timeRange": {
    object (Interval)
  },
  "executionTime": string,
  "chronicleOwned": boolean,
  "naturalLanguageQuery": string,
  "displayName": string,
  "description": string,
  "searchSaveTime": string,
  "searchUpdateTime": string,
  "rawQuery": string,
  "placeholderNames": [
    string
  ],
  "placeholderDescriptions": [
    string
  ],
  "placeholderValues": [
    string
  ],
  "savedSearchResource": string,
  "savedSearchId": string,
  "sharingMode": enum (SharingMode),
  "queryType": enum (QueryType),
  "caseInsensitive": boolean,
  "operation": string,
  "relativeTimeRange": {
    object (RelativeTimeRange)
  },
  "columnSetLabel": string
}

Fields
`query`	`string` Required. The UDM Search query that was executed.
`timeRange`	`object (Interval)` Optional. The time interval that the query is run over.
`executionTime`	`string (Timestamp format)` Optional. The time the query was run. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`chronicleOwned`	`boolean` Optional. Whether the saved search used is based on a saved template owned by Chronicle.
`naturalLanguageQuery`	`string` If applicable, the natural language query used to generate the UDM Search Query.
`displayName`	`string` If applicable, the display name of the saved search used to generate this instance.
`description`	`string` If applicable, the description of the saved search used to generate this instance.
`searchSaveTime`	`string (Timestamp format)` Optional. If applicable, the created timestamp of the saved search used to generate this instance. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`searchUpdateTime`	`string (Timestamp format)` Optional. If applicable, the updated timestamp of the saved search used to generate this instance. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`rawQuery`	`string` Optional. If applicable, the UDM saved search string with unreplaced placeholder names, from the saved search query used to generate this instance, e.g. "principal.hostname = $placeholder1 and target.ip = $placeholder2".
`placeholderNames[]`	`string` Optional. If applicable, the placeholder names from the saved search used to generate this instance, e.g. ["$placeholder1", "$placeholder2"].
`placeholderDescriptions[]`	`string` Optional. If applicable, the placeholder descriptions from the saved search used to generate this instance, e.g. ["host", "ip"]. Each element's position corresponds to placeholderNames.
`placeholderValues[]`	`string` Optional. If applicable, the placeholder values from the saved search to generate this instance, e.g. ["abu", "1.2.3.4"]. Each element's position corresponds to placeholderNames.
`savedSearchResource`	`string` Optional. If applicable, the resource name of the saved search used to generate this instance. Format: `projects/{project}/location/{location}/instances/{instance}/users/{user}/searchQueries/{queryid}`
`savedSearchId`	`string` Optional. If applicable, the id of the saved search used to generate this instance.
`sharingMode`	`enum (SharingMode)` Optional. If applicable, the sharing mode of the saved search used to generate this instance.
`queryType`	`enum (QueryType)` Optional. The query type.
`caseInsensitive`	`boolean` Optional. If true, the search was performed in a case-insensitive manner.
`operation`	`string` Optional. The name of the operation resource representing the UDM Search operation. This can be used to fetch stored results or stream the results of an in-progress operation. Format: projects/{project}/locations/{location}/instances/{instance}/operations/{operation}
`relativeTimeRange`	`object (RelativeTimeRange)` Optional. Defines a time range relative to the start point of the query over which it is running.
`columnSetLabel`	`string` Optional. The label of the column set added to the search query. 'columnSetLabel' maps to the 'columnSets' field in the 'PreferenceSet' resource.

RelativeTimeRange

Defines a time range relative to a reference point. Specifies the duration (timeSpan) and unit (timeUnit) of the range.

JSON representation
{ "timeSpan": string, "timeUnit": enum (`TimeUnit`) }

Fields

Fields
`timeSpan`	`string (int64 format)` Optional. Relative time value.
`timeUnit`	`enum (TimeUnit)` Optional. Relative time unit.

timeSpan

string (int64 format)

Optional. Relative time value.

timeUnit

enum (TimeUnit)

Optional. Relative time unit.

ColumnSet

A list of UDM columns with a unique name.

JSON representation
{ "label": string, "columns": [ string ] }

Fields

Fields
`label`	`string` The name of the column set.
`columns[]`	`string` The list of udm fields corresponding to columns.

label

string

The name of the column set.

columns[]

string

The list of udm fields corresponding to columns.

DismissibleNotification

A notification that the user can dismiss.

JSON representation
{ "id": string, "dismissedTime": string }

Fields

Fields
`id`	`string` Required. Unique ID of the user notification. Any non-empty string is accepted. The UI will use a literal string to identify notifications used in certain places of the product. It is preferable to have user-friendly self-descripting strings (eg. "new-feature-popup").
`dismissedTime`	`string (Timestamp format)` Optional. The time the notification was dismissed. The notification should considered dismissed when the time is prior to "now". Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.

id

string

Required. Unique ID of the user notification. Any non-empty string is accepted. The UI will use a literal string to identify notifications used in certain places of the product. It is preferable to have user-friendly self-descripting strings (eg. "new-feature-popup").

dismissedTime

string (Timestamp format)

Optional. The time the notification was dismissed. The notification should considered dismissed when the time is prior to "now".

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

SearchPreferences

Collection of preferences for Search configuration.

JSON representation
{ "maxDataSampleCount": integer, "dataSampleStrategy": enum (`DataSampleStrategy`) }

Fields

Fields
`maxDataSampleCount`	`integer` Optional. The maximum number of data samples to return.
`dataSampleStrategy`	`enum (DataSampleStrategy)` Optional. The data sample strategy to use for fetching search results.

maxDataSampleCount

integer

Optional. The maximum number of data samples to return.

dataSampleStrategy

enum (DataSampleStrategy)

Optional. The data sample strategy to use for fetching search results.

DataSampleStrategy

The data sample strategy to use for fetching search results.

Enums
`DATA_SAMPLE_STRATEGY_UNSPECIFIED`	No data sample strategy specified.
`FAST_RETRIEVAL`	Return required number of results which are retrieved earlier and discard the rest.
`MOST_FRESH`	Return the latest/newest required number of results and discard the rest.