Method: iocMatches.list

Full name: projects.locations.instances.iocs.iocMatches.list

Lists Ioc matches across all iocs.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{parent}/iocMatches

Path parameters

Parameters
parent

string

Required. The collection of all parents which own all ioc matches. The "-" wildcard token must be used as the rule identifier in the resource path. Format: projects/{project}/locations/{location}/instances/{instance}/iocs/-

Query parameters

Parameters
timestampRange

object (Interval)

Required. Time range [start, end) in which matched to be queried. UI/FE is expected to pass in NOW as end.
addMandiantAttributes

boolean

Optional. Indicates if mandiant attributes should be added to the ioc response.
pageSize

integer

Optional. The maximum number of detections to return.
pageToken

string

Optional. A page token, received from a previous ListIocMatches call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to ListIocMatches must match the call that provided the page token.
filter

string

Optional. A filter that can be used to retrieve specific ioc matches. The following fields are filterable: archived, name

Request body

The request body must be empty.

Response body

Response containing matched IoCs

If successful, the response body contains data with the following structure:

JSON representation 
{
  "ioc_matches": [
    {
      object (IocMatch)
    }
  ],
  "next_page_token": string
}
Fields
ioc_matches[]

object (IocMatch)

IoC Matches returned for the query.
next_page_token

string

A token that can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.