Method: iocs.searchCuratedDetectionsForIoc

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
LegacyIocCuratedDetection
- JSON representation
Try it!

Full name: projects.locations.instances.iocs.searchCuratedDetectionsForIoc

Search curated detections for an Ioc.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{name}:searchCuratedDetectionsForIoc

Path parameters

Parameters

Parameters
`name`	`string` Required. projects/{project}/locations/{location}/instances/{instance}/iocs/{ioc}

name

string

Required. projects/{project}/locations/{location}/instances/{instance}/iocs/{ioc}

Query parameters

Parameters
`artifactIndicator`	`object (IocArtifactIndicator)` Required. An indicator to identify an artifact. Artifact indicator can be one of domain name, destination ip address, md5 hash, sha1 hash, or sha256 hash.
`timestampRange`	`object (Interval)` Optional. Time range in which we want to find detections.
`pageSize`	`integer` Optional. The maximum number of detections to return.
`pageToken`	`string` Optional. A page token, received from a previous `SearchDetectionEventsForIoC` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `SearchDetectionEventsForIoC` must match the call that provided the page token.

Request body

The request body must be empty.

Response body

Response message to search for curated detection of an Ioc

If successful, the response body contains data with the following structure:

JSON representation
{ "detections": [ { object (`LegacyIocCuratedDetection`) } ], "artifact_indicator": { object (`IocArtifactIndicator`) }, "next_page_token": string }

Fields

Fields
`detections[]`	`object (LegacyIocCuratedDetection)` List of all detection to be displayed.
`artifact_indicator`	`object (IocArtifactIndicator)` Metadata about the artifact of interest.
`next_page_token`	`string` A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.

detections[]

object (LegacyIocCuratedDetection)

List of all detection to be displayed.

artifact_indicator

object (IocArtifactIndicator)

Metadata about the artifact of interest.

next_page_token

string

A token that can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

LegacyIocCuratedDetection

Described the detections generated by curated rules.

JSON representation

JSON representation
{ "priority": enum (`Priority`), "ic_score": integer, "device_action": enum (`Action`), "asset_hostname": string, "asset_ip": string, "log_source": string, "user_id": string, "detection_id": string, "detection_time": string }

{
  "priority": enum (Priority),
  "ic_score": integer,
  "device_action": enum (Action),
  "asset_hostname": string,
  "asset_ip": string,
  "log_source": string,
  "user_id": string,
  "detection_id": string,
  "detection_time": string
}

Fields
`priority`	`enum (Priority)` The priority of a detection.
`ic_score`	`integer` Optional. Mandiant Scoring on severity of maliciousness.
`device_action`	`enum (Action)` Device action tells whether the detection id blocked or not.
`asset_hostname`	`string` Hostname of the asset of the detection.
`asset_ip`	`string` IP address of the asset of the detection.
`log_source`	`string` Source of the detection log.
`user_id`	`string` User ID.
`detection_id`	`string (bytes format)` Detection ID. A base64-encoded string.
`detection_time`	`string (Timestamp format)` Detection time of a detection. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.