Full name: projects.locations.instances.iocs.searchCuratedDetectionsForIoc
Searches curated detections for an IoC.
HTTP request
GET https://chronicle.googleapis.com/v1alpha/{name}:searchCuratedDetectionsForIoc
Path parameters
| Parameters | |
|---|---|
| name | Required. projects/{project}/locations/{location}/instances/{instance}/iocs/{ioc} |
Query parameters
| Parameters | |
|---|---|
| artifactIndicator | Required. An indicator that identifies an artifact. The artifact indicator can be one of: domain name, destination IP address, MD5 hash, SHA-1 hash, or SHA-256 hash. |
| timestampRange | Optional. Time range in which to find detections. |
| pageSize | Optional. The maximum number of detections to return. |
| pageToken | Optional. A page token, received from a previous |
Request body
The request body must be empty.
Response body
Response message for searching curated detections of an IoC.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
| { "detections": [ { object ( |

| Fields | |
|---|---|
| detections[] | List of all detections to be displayed. |
| artifact_indicator | Metadata about the artifact of interest. |
| next_page_token | A token that can be sent as |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
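The following is an added client-side example, not Google's own client library: it validates that an indicator is one of the five kinds the endpoint accepts, builds the GET URL for {name}:searchCuratedDetectionsForIoc, and follows next_page_token until the result set is exhausted. The artifactIndicator sub-field names (sha256, sha1, md5, destinationIpAddress, domain) and the two-page response are constructed assumptions for illustration; the fetch_json callable is where the authenticated request (cloud-platform scope) would go.

```python
import re
from urllib.parse import quote, urlencode

BASE = "https://chronicle.googleapis.com/v1alpha"

# The five indicator kinds the endpoint accepts, longest hash first so a SHA-256 is never
# read as a shorter hash. Sub-field names are an ASSUMPTION; confirm against the ArtifactIndicator schema.
_KINDS = {
    "sha256": re.compile(r"^[0-9a-f]{64}$", re.I),
    "sha1": re.compile(r"^[0-9a-f]{40}$", re.I),
    "md5": re.compile(r"^[0-9a-f]{32}$", re.I),
    "destinationIpAddress": re.compile(r"^(\d{1,3}\.){3}\d{1,3}$"),
    "domain": re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$", re.I),
}

def classify_indicator(value):
    # Reject anything that is not one of the five kinds before it reaches the API.
    for kind, pattern in _KINDS.items():
        if pattern.match(value):
            return kind
    raise ValueError(f"not a domain, IPv4 address, MD5, SHA-1 or SHA-256: {value!r}")

def build_url(name, indicator, page_size=100, page_token=None):
    # GET {BASE}/{name}:searchCuratedDetectionsForIoc with the query parameters above.
    params = {f"artifactIndicator.{classify_indicator(indicator)}": indicator,
              "pageSize": page_size}
    if page_token:
        params["pageToken"] = page_token
    return f"{BASE}/{quote(name, safe='/')}:searchCuratedDetectionsForIoc?{urlencode(params)}"

def search_all(name, indicator, fetch_json, page_size=100):
    # fetch_json(url) does the authenticated GET and returns the parsed body; loop until no token.
    detections, token = [], None
    while True:
        page = fetch_json(build_url(name, indicator, page_size, token))
        detections.extend(page.get("detections", []))
        token = page.get("next_page_token") or page.get("nextPageToken")
        if not token:
            return detections

# Constructed two-page response standing in for a live call, keyed by pageToken.
SAMPLE_PAGES = {
    None: {"detections": [{"detection_id": "ZGV0LTE="}], "next_page_token": "page-2"},
    "page-2": {"detections": [{"detection_id": "ZGV0LTI="}]},
}

def sample_fetch(url):
    # Offline stand-in for the HTTP GET: serve SAMPLE_PAGES by the pageToken in the URL.
    match = re.search(r"[?&]pageToken=([^&]+)", url)
    return SAMPLE_PAGES[match.group(1) if match else None]
```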
LegacyIocCuratedDetection
Describes the detections generated by curated rules.
| JSON representation |
|---|
| { "priority": enum ( |

| Fields | |
|---|---|
| priority | The priority of a detection. |
| ic_score | Optional. Mandiant scoring of the severity of maliciousness. |
| device_action | Device action tells whether the detection was blocked or not. |
| asset_hostname | Hostname of the asset of the detection. |
| asset_ip | IP address of the asset of the detection. |
| log_source | Source of the detection log. |
| user_id | User ID. |
| detection_id | Detection ID. A base64-encoded string. |
| detection_time | Detection time of a detection. A timestamp in RFC 3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |