Resource: FindingsRefinement
Represents a set of logic conditions used to refine various types of findings such as curated rule detections.
JSON representation

```
{
  "name": string,
  "display_name": string,
  "type": enum (FindingsRefinementType),
  "create_time": string,
  "update_time": string,
  "query": string
}
```
Fields

| Field | Description |
|---|---|
| `name` | Full resource name for the findings refinement. Format: `projects/{project}/locations/{region}/instances/{instance}/findingsRefinements/{findings_refinement}` |
| `display_name` | Display name of the findings refinement. |
| `type` | The type of findings refinement (see `FindingsRefinementType` below). |
| `create_time` | Output only. The timestamp of when the findings refinement was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`. |
| `update_time` | Output only. The timestamp of when the findings refinement was last updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`. |
| `query` | The query for the findings refinement. It works together with the `type` field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string; see https://cloud.google.com/chronicle/docs/investigation/udm-search for details. |
FindingsRefinementType
The type of findings refinement, which determines what the findings refinement runs over and the mechanism by which it runs.
| Enum | Description |
|---|---|
| `FINDINGS_REFINEMENT_TYPE_UNSPECIFIED` | The findings refinement type is unspecified. |
| `DETECTION_EXCLUSION` | Indicates that the findings refinement is a detection exclusion and should exclude matching detections. |
Methods

| Method | Description |
|---|---|
| | Returns findings refinement activity for a specific findings refinement. |
| | Creates a new findings refinement. |
| | Gets a single findings refinement. |
| | Gets a findings refinement deployment. |
| | Lists a collection of findings refinements. |
| | Updates a findings refinement. |
| | Updates a findings refinement deployment. |