Method: legacy.legacyBatchGetCases

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
LegacyCase
- JSON representation
SoarPlatformInfo
- JSON representation
ResponsePlatformType
Try it!

Full name: projects.locations.instances.legacy.legacyBatchGetCases

RPC for fetching cases for the given caseNames. If a case is not found, it is skipped (nothing is returned in its place).

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyBatchGetCases

Path parameters

Parameters

Parameters
`instance`	`string` Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}/legacy

instance

string

Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}/legacy

Query parameters

Parameters

Parameters
`names[]`	`string` Required. Names of required cases A maximum of 1000 cases can be retrieved in a batch.

names[]

string

Required. Names of required cases A maximum of 1000 cases can be retrieved in a batch.

Request body

The request body must be empty.

Response body

The BatchGetCasesResponse message NEXT TAG: 2

If successful, the response body contains data with the following structure:

JSON representation
{ "cases": [ { object (`LegacyCase`) } ] }

Fields

Fields
`cases[]`	`object (LegacyCase)` Cases corresponding to the given case names. The returned cases would be in the same order as the requested case names, except for cases that were not found.

cases[]

object (LegacyCase)

Cases corresponding to the given case names. The returned cases would be in the same order as the requested case names, except for cases that were not found.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.legacies.legacyBatchGetCases

For more information, see the IAM documentation.

LegacyCase

Case contains SOAR case information. NEXT_TAG: 8

JSON representation
{ "id": string, "soar_platform_info": { object (`SoarPlatformInfo`) }, "display_name": string, "stage": string, "priority": enum (`Priority`), "status": enum (`Status`), "alert_ids": [ string ] }

Fields
`id`	`string` Id of the case.
`soar_platform_info`	`object (SoarPlatformInfo)` Case related info of this same case in customer's SOAR platform.
`display_name`	`string` Display name of the Case.
`stage`	`string` Stage of the Case. Predefined values include "Triage", "Assessment", "Investigation", "Incident", "Improvement", "Research". And users can define custom string values.
`priority`	`enum (Priority)` Case Priority.
`status`	`enum (Status)` Case Status.
`alert_ids[]`	`string` Alert IDs that are part of this case.

SoarPlatformInfo

Related info of Case in customer's SOAR platform.

JSON representation
{ "case_id": string, "response_platform_type": enum (`ResponsePlatformType`) }

Fields

Fields
`case_id`	`string` Id of the case in SOAR product.
`response_platform_type`	`enum (ResponsePlatformType)` Type of SOAR product.

case_id

string

Id of the case in SOAR product.

response_platform_type

enum (ResponsePlatformType)

Type of SOAR product.

ResponsePlatformType

Available response platforms.

Enums
`RESPONSE_PLATFORM_TYPE_UNSPECIFIED`	Response platform not specified.
`RESPONSE_PLATFORM_TYPE_SIEMPLIFY`	Siemplify