Full name: projects.locations.instances.legacy.legacyGetEventForDetection
Legacy endpoint for getting event for curated detection.
HTTP request
Path parameters
Parameters
instance
string
Output only. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}
Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis endpoint, \u003ccode\u003eprojects.locations.instances.legacy.legacyGetEventForDetection\u003c/code\u003e, is used to retrieve event data for a specific curated detection within a Chronicle instance.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request is a \u003ccode\u003eGET\u003c/code\u003e operation to the provided URL, requiring the \u003ccode\u003einstance\u003c/code\u003e as a path parameter and \u003ccode\u003edetectionId\u003c/code\u003e, \u003ccode\u003epageSize\u003c/code\u003e, and \u003ccode\u003enextPageToken\u003c/code\u003e as query parameters.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must be empty, and the response body includes data structured with \u003ccode\u003erationale\u003c/code\u003e, \u003ccode\u003econclusion\u003c/code\u003e, \u003ccode\u003eevent\u003c/code\u003e, \u003ccode\u003eentities\u003c/code\u003e, and \u003ccode\u003edetection_time\u003c/code\u003e, fields.\u003c/p\u003e\n"],["\u003cp\u003eAuthorization for this endpoint requires the OAuth scope \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e and the IAM permission \u003ccode\u003echronicle.legacies.legacyGetEventForDetection\u003c/code\u003e on the instance.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003edetectionId\u003c/code\u003e query parameter is mandatory, which is a base64-encoded string representing the unique ID of the curated detection, whilst \u003ccode\u003epageSize\u003c/code\u003e and \u003ccode\u003enextPageToken\u003c/code\u003e are optional parameters.\u003c/p\u003e\n"]]],[],null,[]]