Method: legacy.legacyFindUdmEvents

Full name: projects.locations.instances.legacy.legacyFindUdmEvents

Legacy endpoint for finding UDM/entity events using tokens or ids.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyFindUdmEvents

Path parameters

Parameters
instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
tokens[]

string

Optional. A list of tokens, with each token referring to a group of UDM/Entity events.

ids[]

string (bytes format)

Optional. A list of UDM/Entity event ids that should be returned. If both tokens and ids are provided, tokens will be discarded.

A base64-encoded string.

returnUnenrichedData

boolean

Optional. Whether to return unenriched data. Default value is false.

Request body

The request body must be empty.

Response body

All UDM events or entity events for a given list of tokens or ids.

If successful, the response body contains data with the following structure:

JSON representation
{
  "udm_event_groups": [
    {
      object (UdmEventGroup)
    }
  ],
  "entity_groups": [
    {
      object (EntityGroup)
    }
  ]
}
Fields
udm_event_groups[]

object (UdmEventGroup)

Groups of UDM Events. Each group of UDM Events is associated with a single token or id in the request, and listed in the same order as tokens or ids in the request.

entity_groups[]

object (EntityGroup)

Groups of UDM Entities. Each group of UDM Entities is associated with a single token or id in the request, and listed in the same order as tokens or ids in the request.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.legacies.legacyFindUdmEvents

For more information, see the IAM documentation.

UdmEventGroup

All UDM events associated with a token or id. There can be multiple events associated with a single token.

JSON representation
{
  "events": [
    {
      object (UDM)
    }
  ]
}
Fields
events[]

object (UDM)

List of UDM Events associated with a token or id.

EntityGroup

All UDM entity events associated with a token or id.

JSON representation
{
  "entities": [
    {
      object (Entity)
    }
  ]
}
Fields
entities[]

object (Entity)

List of Entity Events associated with a token or id.
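
Example (added here, not part of the official reference or any Google client library): building the GET URL so that ids take precedence over tokens, and matching each returned group to its request key by position. The function names, the instance path and the sample response are constructed for illustration. Sending repeated fields as repeated query keys and expecting one group per key are assumptions.

```python
import base64
from urllib.parse import urlencode

BASE = "https://chronicle.googleapis.com/v1alpha"

def build_request(instance, tokens=(), ids=(), return_unenriched=False):
    """Return (url, keys); keys are the lookup values the response is ordered by."""
    if ids:
        # The page says tokens are discarded when ids are present, so drop
        # them client-side and key the response by ids only.
        keys = [base64.b64encode(raw).decode("ascii") for raw in ids]
        params = [("ids", k) for k in keys]
    else:
        keys = list(tokens)
        params = [("tokens", t) for t in keys]
    if return_unenriched:
        params.append(("returnUnenrichedData", "true"))
    # Assumption: repeated fields are sent as repeated query keys; urlencode
    # percent-encodes the '+', '/' and '=' that base64 ids can contain.
    url = f"{BASE}/{instance}/legacy:legacyFindUdmEvents?{urlencode(params)}"
    return url, keys

def pair_groups(keys, response):
    """Attach each response group to its request key by position."""
    paired = {k: {} for k in keys}
    for field, inner in (("udm_event_groups", "events"), ("entity_groups", "entities")):
        groups = response.get(field, [])
        # Assumption: one group per key. Fail closed on a count mismatch
        # rather than attribute events to the wrong token or id.
        if groups and len(groups) != len(keys):
            raise ValueError(f"{field}: {len(groups)} groups for {len(keys)} keys")
        for key, group in zip(keys, groups):
            paired[key][inner] = group.get(inner, [])
    return paired

# Constructed sample data; not real API output.
INSTANCE = "projects/example-project/locations/us/instances/example-instance"
SAMPLE_RESPONSE = {"udm_event_groups": [{"events": [{"sample": "event-1"}]}, {"events": []}]}

if __name__ == "__main__":
    url, keys = build_request(INSTANCE, tokens=["tok-a", "tok-b"])
    print(url)
    print(pair_groups(keys, SAMPLE_RESPONSE))
```

The URL still has to be sent with a credential that carries the OAuth scope and IAM permission listed above.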