Method: legacy.legacyCalculateAlertStats

Full name: projects.locations.instances.legacy.legacyCalculateAlertStats

Legacy endpoint for fetching alert stats (counts based on fields) for a given time range.

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyCalculateAlertStats

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Parameters

Parameters
`timestampRange`	`object (Interval)` Required. Timerange to filter alerts by. Maximum allowed time range is 30 days.

timestampRange

object (Interval)

Required. Timerange to filter alerts by. Maximum allowed time range is 30 days.

The request body must be empty.

Returns alerts stats over a given time range. NEXT TAG: 5

If successful, the response body contains data with the following structure:

JSON representation
{ "total_alerts": integer, "alert_status_count": { object (`AlertStatusCount`) }, "timestamp_range": { object (`Interval`) }, "alert_severity_distribution": { object (`AlertSeverityDistribution`) } }

Fields
`total_alerts`	`integer` Count of total number of alerts in the give time range.
`alert_status_count`	`object (AlertStatusCount)` Count of alerts split on backstory.Status field.
`timestamp_range`	`object (Interval)` Time range used to fetch the stats.
`alert_severity_distribution`	`object (AlertSeverityDistribution)` Count of alerts in each severity category.

Requires the following OAuth scope:

For more information, see the Authentication Overview.

Requires the following IAM permission on the instance resource:

For more information, see the IAM documentation.

AlertStatusCount

Count of alerts split on backstory.Status field.

JSON representation
{ "open": integer, "closed": integer }

Fields

Fields
`open`	`integer` Count of alerts in status NEW or OPEN or REVIEWED.
`closed`	`integer` Count of alerts in status CLOSED.

open

integer

Count of alerts in status NEW or OPEN or REVIEWED.

closed

integer

Count of alerts in status CLOSED.

Count of alerts in each severity category.

JSON representation
{ "severity_unset": integer, "info": integer, "low": integer, "medium": integer, "high": integer, "critical": integer }

Fields
`severity_unset`	`integer` Count of alerts for which severity score is not set or set to zero.
`info`	`integer` Count of alerts for which severity score is in the range [1, 20).
`low`	`integer` Count of alerts for which severity score is in the range [20, 50).
`medium`	`integer` Count of alerts for which severity score is in the range [50, 80).
`high`	`integer` Count of alerts for which severity score is in the range [80, 90).
`critical`	`integer` Count of alerts for which severity score is in the range [90, 100].